1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={0x0, 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:49:57 executing program 0: [ 2487.325960][ T7318] device bridge_slave_1 left promiscuous mode [ 2487.332211][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2487.365780][ T7318] device bridge_slave_0 left promiscuous mode [ 2487.371998][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2488.235236][ T7318] device hsr_slave_0 left promiscuous mode [ 2488.275070][ T7318] device hsr_slave_1 left promiscuous mode [ 2488.342069][ T7318] team0 (unregistering): Port device team_slave_1 removed [ 2488.354122][ T7318] team0 (unregistering): Port device team_slave_0 removed [ 2488.364727][ T7318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2488.410017][ T7318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2488.480452][ T7318] bond0 (unregistering): Released all slaves [ 2488.573443][ T8624] IPVS: ftp: loaded support on port[0] = 21 [ 2488.638725][ T8624] chnl_net:caif_netlink_parms(): no params data found [ 2488.671071][ T8624] bridge0: port 1(bridge_slave_0) entered blocking state [ 2488.678406][ T8624] bridge0: port 1(bridge_slave_0) entered disabled state [ 2488.686417][ T8624] device bridge_slave_0 entered promiscuous mode [ 2488.739355][ T8624] bridge0: port 2(bridge_slave_1) entered blocking state [ 2488.746580][ T8624] bridge0: port 2(bridge_slave_1) entered disabled state [ 2488.754587][ T8624] device bridge_slave_1 entered promiscuous mode [ 2488.786346][ T8624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2488.800934][ T8624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2488.830247][ T8624] team0: Port device team_slave_0 added [ 2488.841250][ T8624] team0: Port device team_slave_1 added [ 2488.918631][ T8624] device hsr_slave_0 entered promiscuous mode [ 2488.975408][ T8624] device hsr_slave_1 entered promiscuous mode [ 2489.014964][ T8624] debugfs: Directory 'hsr0' with parent '/' already present! [ 2489.036014][ T8624] bridge0: port 2(bridge_slave_1) entered blocking state [ 2489.043089][ T8624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2489.050452][ T8624] bridge0: port 1(bridge_slave_0) entered blocking state [ 2489.057525][ T8624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2489.098037][ T8624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2489.112335][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2489.121542][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2489.130377][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2489.145863][ T8624] 8021q: adding VLAN 0 to HW filter on device team0 [ 2489.158554][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2489.172500][T31174] bridge0: port 1(bridge_slave_0) entered blocking state [ 2489.179679][T31174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2489.213901][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2489.222786][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2489.229905][ T6155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2489.246087][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2489.260649][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2489.276112][ T8624] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2489.286853][ T8624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2489.300676][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2489.309936][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2489.323872][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2489.335941][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2489.352388][ T8624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2489.907670][ T8632] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2489.924741][ T8632] CPU: 0 PID: 8632 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2489.932604][ T8632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2489.942718][ T8632] Call Trace: [ 2489.946044][ T8632] dump_stack+0xf5/0x159 [ 2489.950291][ T8632] dump_header+0xaa/0x449 [ 2489.954652][ T8632] oom_kill_process.cold+0x10/0x15 [ 2489.959756][ T8632] out_of_memory+0x231/0xa00 [ 2489.964337][ T8632] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2489.970019][ T8632] mem_cgroup_out_of_memory+0x128/0x150 [ 2489.975562][ T8632] try_charge+0xb3a/0xbc0 [ 2489.979966][ T8632] ? rcu_note_context_switch+0x700/0x760 [ 2489.985719][ T8632] mem_cgroup_try_charge+0xd2/0x260 [ 2489.990916][ T8632] __add_to_page_cache_locked+0x163/0x780 [ 2489.996650][ T8632] ? __read_once_size.constprop.0+0x20/0x20 [ 2490.002551][ T8632] add_to_page_cache_lru+0xe2/0x2d0 [ 2490.007812][ T8632] pagecache_get_page+0x2ab/0x760 [ 2490.012848][ T8632] grab_cache_page_write_begin+0x5d/0x90 [ 2490.018538][ T8632] ext4_da_write_begin+0x175/0x7e0 [ 2490.023642][ T8632] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2490.029269][ T8632] generic_perform_write+0x136/0x320 [ 2490.034647][ T8632] __generic_file_write_iter+0x251/0x380 [ 2490.040276][ T8632] ext4_file_write_iter+0x1bd/0xa00 [ 2490.045508][ T8632] new_sync_write+0x388/0x4a0 [ 2490.050209][ T8632] __vfs_write+0xb1/0xc0 [ 2490.054493][ T8632] vfs_write+0x18a/0x390 [ 2490.058728][ T8632] ksys_write+0xd5/0x1b0 [ 2490.063039][ T8632] __x64_sys_write+0x4c/0x60 [ 2490.067623][ T8632] do_syscall_64+0xcc/0x370 [ 2490.072119][ T8632] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2490.077998][ T8632] RIP: 0033:0x459f39 [ 2490.081903][ T8632] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2490.101527][ T8632] RSP: 002b:00007fb27e0ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2490.109927][ T8632] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2490.117886][ T8632] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2490.125886][ T8632] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2490.133848][ T8632] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb27e0de6d4 [ 2490.141804][ T8632] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2490.152376][ T8632] memory: usage 4812kB, limit 0kB, failcnt 5089 [ 2490.161154][ T8632] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2490.168557][ T8632] Memory cgroup stats for /syz1: [ 2490.168832][ T8632] anon 4268032 [ 2490.168832][ T8632] file 131072 [ 2490.168832][ T8632] kernel_stack 36864 [ 2490.168832][ T8632] slab 184320 [ 2490.168832][ T8632] sock 0 [ 2490.168832][ T8632] shmem 0 [ 2490.168832][ T8632] file_mapped 0 [ 2490.168832][ T8632] file_dirty 0 [ 2490.168832][ T8632] file_writeback 0 [ 2490.168832][ T8632] anon_thp 4194304 [ 2490.168832][ T8632] inactive_anon 0 [ 2490.168832][ T8632] active_anon 4268032 [ 2490.168832][ T8632] inactive_file 0 [ 2490.168832][ T8632] active_file 0 [ 2490.168832][ T8632] unevictable 0 [ 2490.168832][ T8632] slab_reclaimable 135168 [ 2490.168832][ T8632] slab_unreclaimable 49152 [ 2490.168832][ T8632] pgfault 101145 [ 2490.168832][ T8632] pgmajfault 0 [ 2490.168832][ T8632] workingset_refault 0 [ 2490.168832][ T8632] workingset_activate 0 [ 2490.168832][ T8632] workingset_nodereclaim 1485 [ 2490.168832][ T8632] pgrefill 49886 [ 2490.168832][ T8632] pgscan 527118 [ 2490.168832][ T8632] pgsteal 184171 [ 2490.168832][ T8632] pgactivate 131274 [ 2490.268067][ T8632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8630,uid=0 [ 2490.283602][ T8632] Memory cgroup out of memory: Killed process 8630 (syz-executor.1) total-vm:72852kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2490.304552][ T1062] oom_reaper: reaped process 8630 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:01 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:01 executing program 4: 07:50:01 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x0, 0x0, 0x77fffb, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) 07:50:01 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) r4 = socket(0x2, 0x803, 0xff) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(0xffffffffffffffff, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:01 executing program 0: 07:50:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={0x0, 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2490.381926][ T8624] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2490.392964][ T8624] CPU: 1 PID: 8624 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2490.400799][ T8624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2490.410934][ T8624] Call Trace: [ 2490.414249][ T8624] dump_stack+0xf5/0x159 [ 2490.418520][ T8624] dump_header+0xaa/0x449 [ 2490.422897][ T8624] oom_kill_process.cold+0x10/0x15 [ 2490.428060][ T8624] out_of_memory+0x231/0xa00 [ 2490.432671][ T8624] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2490.438328][ T8624] mem_cgroup_out_of_memory+0x128/0x150 [ 2490.443915][ T8624] try_charge+0xb3a/0xbc0 [ 2490.448341][ T8624] ? rcu_note_context_switch+0x700/0x760 [ 2490.454003][ T8624] mem_cgroup_try_charge+0xd2/0x260 [ 2490.459268][ T8624] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2490.464932][ T8624] __handle_mm_fault+0x179a/0x2cb0 [ 2490.470159][ T8624] handle_mm_fault+0x21b/0x530 [ 2490.474194][ T25] audit: type=1804 audit(1572076201.251:119): pid=8639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2276/bus" dev="sda1" ino=16551 res=1 [ 2490.474960][ T8624] __do_page_fault+0x3fb/0x9e0 [ 2490.475067][ T8624] do_page_fault+0x54/0x233 [ 2490.475120][ T8624] ? do_syscall_64+0x270/0x370 [ 2490.513753][ T8624] page_fault+0x34/0x40 [ 2490.518029][ T8624] RIP: 0033:0x403a42 [ 2490.521976][ T8624] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 19 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 39 44 05 00 48 [ 2490.541598][ T8624] RSP: 002b:00007ffd2200ee10 EFLAGS: 00010246 [ 2490.541981][ T25] audit: type=1804 audit(1572076201.291:120): pid=8639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2276/bus" dev="sda1" ino=16551 res=1 [ 2490.547675][ T8624] RAX: 0000000000000000 RBX: 000000000025fd33 RCX: 00000000004139f0 [ 2490.547760][ T8624] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd2200ff40 [ 2490.547776][ T8624] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001d5c940 [ 2490.547809][ T8624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2200ff40 [ 2490.603702][ T8624] R13: 00007ffd2200ff30 R14: 0000000000000000 R15: 00007ffd2200ff40 07:50:01 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) r4 = socket(0x2, 0x803, 0xff) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(0xffffffffffffffff, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:01 executing program 0: 07:50:01 executing program 4: 07:50:01 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x0, 0x0, 0x77fffb, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 2490.914981][ T8624] memory: usage 404kB, limit 0kB, failcnt 5098 [ 2490.922712][ T8624] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2490.941601][ T8624] Memory cgroup stats for /syz1: [ 2490.941839][ T8624] anon 65536 [ 2490.941839][ T8624] file 131072 [ 2490.941839][ T8624] kernel_stack 0 [ 2490.941839][ T8624] slab 184320 [ 2490.941839][ T8624] sock 0 [ 2490.941839][ T8624] shmem 0 [ 2490.941839][ T8624] file_mapped 0 [ 2490.941839][ T8624] file_dirty 135168 [ 2490.941839][ T8624] file_writeback 0 [ 2490.941839][ T8624] anon_thp 0 [ 2490.941839][ T8624] inactive_anon 0 [ 2490.941839][ T8624] active_anon 65536 [ 2490.941839][ T8624] inactive_file 0 [ 2490.941839][ T8624] active_file 0 [ 2490.941839][ T8624] unevictable 0 [ 2490.941839][ T8624] slab_reclaimable 135168 [ 2490.941839][ T8624] slab_unreclaimable 49152 [ 2490.941839][ T8624] pgfault 101145 [ 2490.941839][ T8624] pgmajfault 0 [ 2490.941839][ T8624] workingset_refault 0 [ 2490.941839][ T8624] workingset_activate 0 [ 2490.941839][ T8624] workingset_nodereclaim 1518 [ 2490.941839][ T8624] pgrefill 49886 [ 2490.941839][ T8624] pgscan 527118 [ 2490.941839][ T8624] pgsteal 184171 [ 2490.941839][ T8624] pgactivate 131274 [ 2490.989626][ T25] audit: type=1804 audit(1572076201.741:121): pid=8647 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2277/bus" dev="sda1" ino=16705 res=1 07:50:02 executing program 0: 07:50:02 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x0, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 2491.270682][ T8624] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8624,uid=0 [ 2491.395780][ T8624] Memory cgroup out of memory: Killed process 8624 (syz-executor.1) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2491.454982][ T25] audit: type=1804 audit(1572076201.881:122): pid=8651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2277/bus" dev="sda1" ino=16705 res=1 [ 2491.603873][ T1062] oom_reaper: reaped process 8624 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:50:02 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={0x0, 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:02 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) r4 = socket(0x2, 0x803, 0xff) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(0xffffffffffffffff, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:02 executing program 4: 07:50:02 executing program 0: 07:50:02 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x0, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 2492.013172][ T25] audit: type=1804 audit(1572076202.791:123): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2278/bus" dev="sda1" ino=16610 res=1 [ 2492.094874][ T25] audit: type=1804 audit(1572076202.801:124): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2278/bus" dev="sda1" ino=16610 res=1 [ 2492.386155][ T7318] device bridge_slave_1 left promiscuous mode [ 2492.392489][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2492.435674][ T7318] device bridge_slave_0 left promiscuous mode [ 2492.441981][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2493.285099][ T7318] device hsr_slave_0 left promiscuous mode [ 2493.325051][ T7318] device hsr_slave_1 left promiscuous mode [ 2493.383410][ T7318] team0 (unregistering): Port device team_slave_1 removed [ 2493.394835][ T7318] team0 (unregistering): Port device team_slave_0 removed [ 2493.405466][ T7318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2493.460039][ T7318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2493.530832][ T7318] bond0 (unregistering): Released all slaves [ 2493.664089][ T8670] IPVS: ftp: loaded support on port[0] = 21 [ 2493.729568][ T8670] chnl_net:caif_netlink_parms(): no params data found [ 2493.761859][ T8670] bridge0: port 1(bridge_slave_0) entered blocking state [ 2493.769061][ T8670] bridge0: port 1(bridge_slave_0) entered disabled state [ 2493.777133][ T8670] device bridge_slave_0 entered promiscuous mode [ 2493.784687][ T8670] bridge0: port 2(bridge_slave_1) entered blocking state [ 2493.791827][ T8670] bridge0: port 2(bridge_slave_1) entered disabled state [ 2493.799773][ T8670] device bridge_slave_1 entered promiscuous mode [ 2493.821051][ T8670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2493.896998][ T8670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2493.929253][ T8670] team0: Port device team_slave_0 added [ 2493.936945][ T8670] team0: Port device team_slave_1 added [ 2494.008207][ T8670] device hsr_slave_0 entered promiscuous mode [ 2494.045353][ T8670] device hsr_slave_1 entered promiscuous mode [ 2494.094966][ T8670] debugfs: Directory 'hsr0' with parent '/' already present! [ 2494.117175][ T8670] bridge0: port 2(bridge_slave_1) entered blocking state [ 2494.124316][ T8670] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2494.131735][ T8670] bridge0: port 1(bridge_slave_0) entered blocking state [ 2494.138906][ T8670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2494.194268][ T8670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2494.209298][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2494.218237][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2494.227267][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2494.247101][ T8670] 8021q: adding VLAN 0 to HW filter on device team0 [ 2494.264464][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2494.273771][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 2494.280875][ T5750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2494.305280][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2494.313825][T31174] bridge0: port 2(bridge_slave_1) entered blocking state [ 2494.320973][T31174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2494.355246][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2494.369621][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2494.379490][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2494.392733][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2494.403221][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2494.412141][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2494.433980][ T8670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2494.885930][ T8680] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2494.896317][ T8680] CPU: 0 PID: 8680 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2494.904132][ T8680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2494.914169][ T8680] Call Trace: [ 2494.917466][ T8680] dump_stack+0xf5/0x159 [ 2494.921746][ T8680] dump_header+0xaa/0x449 [ 2494.926070][ T8680] oom_kill_process.cold+0x10/0x15 [ 2494.931172][ T8680] out_of_memory+0x231/0xa00 [ 2494.935759][ T8680] mem_cgroup_out_of_memory+0x128/0x150 [ 2494.941384][ T8680] memory_max_write+0x17b/0x250 [ 2494.946225][ T8680] cgroup_file_write+0x119/0x320 [ 2494.951151][ T8680] ? high_work_func+0x30/0x30 [ 2494.955822][ T8680] kernfs_fop_write+0x1f4/0x2e0 [ 2494.960695][ T8680] ? cgroup_css.part.0+0x90/0x90 [ 2494.965659][ T8680] __vfs_write+0x67/0xc0 [ 2494.969922][ T8680] ? kernfs_seq_show+0xe0/0xe0 [ 2494.974671][ T8680] vfs_write+0x18a/0x390 [ 2494.978909][ T8680] ksys_write+0xd5/0x1b0 [ 2494.983185][ T8680] __x64_sys_write+0x4c/0x60 [ 2494.987766][ T8680] do_syscall_64+0xcc/0x370 [ 2494.992261][ T8680] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2494.998133][ T8680] RIP: 0033:0x459f39 [ 2495.002022][ T8680] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2495.022045][ T8680] RSP: 002b:00007fbd8ff8dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2495.030550][ T8680] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2495.038505][ T8680] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2495.046461][ T8680] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2495.054416][ T8680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd8ff8e6d4 [ 2495.062371][ T8680] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2495.070575][ T8680] memory: usage 6832kB, limit 0kB, failcnt 4754 [ 2495.076959][ T8680] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2495.083816][ T8680] Memory cgroup stats for /syz2: [ 2495.083943][ T8680] anon 6369280 [ 2495.083943][ T8680] file 57344 [ 2495.083943][ T8680] kernel_stack 36864 [ 2495.083943][ T8680] slab 376832 [ 2495.083943][ T8680] sock 0 [ 2495.083943][ T8680] shmem 0 [ 2495.083943][ T8680] file_mapped 0 [ 2495.083943][ T8680] file_dirty 0 [ 2495.083943][ T8680] file_writeback 0 [ 2495.083943][ T8680] anon_thp 6291456 [ 2495.083943][ T8680] inactive_anon 135168 [ 2495.083943][ T8680] active_anon 6369280 [ 2495.083943][ T8680] inactive_file 241664 [ 2495.083943][ T8680] active_file 45056 [ 2495.083943][ T8680] unevictable 0 [ 2495.083943][ T8680] slab_reclaimable 270336 [ 2495.083943][ T8680] slab_unreclaimable 106496 [ 2495.083943][ T8680] pgfault 110286 [ 2495.083943][ T8680] pgmajfault 0 [ 2495.083943][ T8680] workingset_refault 0 [ 2495.083943][ T8680] workingset_activate 0 [ 2495.083943][ T8680] workingset_nodereclaim 1914 [ 2495.083943][ T8680] pgrefill 79261 [ 2495.083943][ T8680] pgscan 644423 [ 2495.083943][ T8680] pgsteal 202822 [ 2495.177637][ T8680] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8677,uid=0 [ 2495.193776][ T8680] Memory cgroup out of memory: Killed process 8677 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2495.216381][ T1062] oom_reaper: reaped process 8677 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:06 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400)}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:06 executing program 4: 07:50:06 executing program 0: 07:50:06 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={0x0, 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:06 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x0, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) 07:50:06 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) r4 = socket(0x2, 0x803, 0xff) r5 = dup(r4) r6 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x200004) sendfile(r5, r6, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2495.315942][ T8670] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2495.326052][ T8670] CPU: 0 PID: 8670 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2495.334014][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2495.344096][ T8670] Call Trace: [ 2495.347452][ T8670] dump_stack+0xf5/0x159 [ 2495.351837][ T8670] dump_header+0xaa/0x449 [ 2495.356199][ T8670] oom_kill_process.cold+0x10/0x15 [ 2495.361330][ T8670] out_of_memory+0x231/0xa00 [ 2495.365993][ T8670] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2495.371694][ T8670] mem_cgroup_out_of_memory+0x128/0x150 [ 2495.377312][ T8670] try_charge+0xb3a/0xbc0 [ 2495.381670][ T8670] ? rcu_note_context_switch+0x700/0x760 [ 2495.387335][ T8670] mem_cgroup_try_charge+0xd2/0x260 [ 2495.392563][ T8670] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2495.398330][ T8670] wp_page_copy+0x322/0x1160 [ 2495.403009][ T8670] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2495.408701][ T8670] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2495.414398][ T8670] do_wp_page+0x192/0x11f0 [ 2495.418825][ T8670] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2495.424481][ T8670] __handle_mm_fault+0x1c07/0x2cb0 [ 2495.429639][ T8670] handle_mm_fault+0x21b/0x530 [ 2495.434463][ T8670] __do_page_fault+0x3fb/0x9e0 [ 2495.439259][ T8670] do_page_fault+0x54/0x233 [ 2495.443883][ T8670] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2495.449622][ T8670] page_fault+0x34/0x40 [ 2495.453794][ T8670] RIP: 0033:0x431016 [ 2495.457720][ T8670] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2495.477385][ T8670] RSP: 002b:00007ffd40174680 EFLAGS: 00010206 [ 2495.483562][ T8670] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2495.491543][ T8670] RDX: 0000000001e3e930 RSI: 0000000001e46970 RDI: 0000000000000003 [ 2495.499559][ T8670] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001e3d940 [ 2495.507543][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2495.515539][ T8670] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2495.535035][ T8670] memory: usage 376kB, limit 0kB, failcnt 4763 [ 2495.541356][ T8670] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2495.562963][ T8670] Memory cgroup stats for /syz2: [ 2495.563248][ T8670] anon 8192 [ 2495.563248][ T8670] file 57344 [ 2495.563248][ T8670] kernel_stack 0 [ 2495.563248][ T8670] slab 376832 [ 2495.563248][ T8670] sock 0 [ 2495.563248][ T8670] shmem 0 [ 2495.563248][ T8670] file_mapped 0 [ 2495.563248][ T8670] file_dirty 0 [ 2495.563248][ T8670] file_writeback 0 [ 2495.563248][ T8670] anon_thp 0 [ 2495.563248][ T8670] inactive_anon 135168 [ 2495.563248][ T8670] active_anon 8192 [ 2495.563248][ T8670] inactive_file 241664 [ 2495.563248][ T8670] active_file 45056 [ 2495.563248][ T8670] unevictable 0 [ 2495.563248][ T8670] slab_reclaimable 270336 [ 2495.563248][ T8670] slab_unreclaimable 106496 [ 2495.563248][ T8670] pgfault 110286 [ 2495.563248][ T8670] pgmajfault 0 [ 2495.563248][ T8670] workingset_refault 0 [ 2495.563248][ T8670] workingset_activate 0 [ 2495.563248][ T8670] workingset_nodereclaim 1947 [ 2495.563248][ T8670] pgrefill 79261 [ 2495.563248][ T8670] pgscan 644423 [ 2495.563248][ T8670] pgsteal 202822 [ 2495.563248][ T8670] pgactivate 177705 07:50:06 executing program 0: [ 2495.613093][ T25] audit: type=1804 audit(1572076206.361:125): pid=8688 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2279/bus" dev="sda1" ino=16706 res=1 07:50:06 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x0, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) 07:50:06 executing program 4: 07:50:06 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) r4 = socket(0x2, 0x803, 0xff) r5 = dup(r4) r6 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x200004) sendfile(r5, r6, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2495.937239][ T25] audit: type=1804 audit(1572076206.481:126): pid=8689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2279/bus" dev="sda1" ino=16706 res=1 [ 2496.044332][ T25] audit: type=1804 audit(1572076206.821:127): pid=8698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2280/bus" dev="sda1" ino=16706 res=1 07:50:06 executing program 0: [ 2496.085869][ T8670] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8670,uid=0 07:50:06 executing program 4: [ 2496.130841][ T25] audit: type=1804 audit(1572076206.861:128): pid=8698 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2280/bus" dev="sda1" ino=16706 res=1 [ 2496.156253][ T8670] Memory cgroup out of memory: Killed process 8670 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2496.230367][ T1062] oom_reaper: reaped process 8670 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:50:07 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400)}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:07 executing program 4: 07:50:07 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) r4 = socket(0x2, 0x803, 0xff) r5 = dup(r4) r6 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x200004) sendfile(r5, r6, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2496.877702][ T25] audit: type=1804 audit(1572076207.661:129): pid=8707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2281/bus" dev="sda1" ino=16706 res=1 [ 2496.933520][ T25] audit: type=1804 audit(1572076207.671:130): pid=8707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2281/bus" dev="sda1" ino=16706 res=1 [ 2497.316077][ T7318] device bridge_slave_1 left promiscuous mode [ 2497.322295][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2497.375892][ T7318] device bridge_slave_0 left promiscuous mode [ 2497.382209][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2498.205201][ T7318] device hsr_slave_0 left promiscuous mode [ 2498.275380][ T7318] device hsr_slave_1 left promiscuous mode [ 2498.363487][ T7318] team0 (unregistering): Port device team_slave_1 removed [ 2498.374340][ T7318] team0 (unregistering): Port device team_slave_0 removed [ 2498.384643][ T7318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2498.428816][ T7318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2498.491392][ T7318] bond0 (unregistering): Released all slaves [ 2498.593627][ T8711] IPVS: ftp: loaded support on port[0] = 21 [ 2498.657241][ T8711] chnl_net:caif_netlink_parms(): no params data found [ 2498.736938][ T8711] bridge0: port 1(bridge_slave_0) entered blocking state [ 2498.744095][ T8711] bridge0: port 1(bridge_slave_0) entered disabled state [ 2498.754831][ T8711] device bridge_slave_0 entered promiscuous mode [ 2498.768139][ T8711] bridge0: port 2(bridge_slave_1) entered blocking state [ 2498.777470][ T8711] bridge0: port 2(bridge_slave_1) entered disabled state [ 2498.788341][ T8711] device bridge_slave_1 entered promiscuous mode [ 2498.818785][ T8711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2498.832353][ T8711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2498.858283][ T8711] team0: Port device team_slave_0 added [ 2498.865832][ T8711] team0: Port device team_slave_1 added [ 2498.952324][ T8711] device hsr_slave_0 entered promiscuous mode [ 2498.995356][ T8711] device hsr_slave_1 entered promiscuous mode [ 2499.074963][ T8711] debugfs: Directory 'hsr0' with parent '/' already present! [ 2499.096142][ T8711] bridge0: port 2(bridge_slave_1) entered blocking state [ 2499.103291][ T8711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2499.110671][ T8711] bridge0: port 1(bridge_slave_0) entered blocking state [ 2499.117740][ T8711] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2499.170551][ T8711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2499.184618][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2499.198521][T26241] bridge0: port 1(bridge_slave_0) entered disabled state [ 2499.210291][T26241] bridge0: port 2(bridge_slave_1) entered disabled state [ 2499.230657][ T8711] 8021q: adding VLAN 0 to HW filter on device team0 [ 2499.248075][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2499.259273][T26241] bridge0: port 1(bridge_slave_0) entered blocking state [ 2499.266353][T26241] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2499.289971][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2499.298654][ T5583] bridge0: port 2(bridge_slave_1) entered blocking state [ 2499.305713][ T5583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2499.327309][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2499.336736][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2499.351116][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2499.362612][ T8711] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2499.374222][ T8711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2499.382446][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2499.390781][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2499.413406][ T8711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2499.948672][ T8718] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2499.966616][ T8718] CPU: 1 PID: 8718 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2499.974461][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2499.984539][ T8718] Call Trace: [ 2499.987867][ T8718] dump_stack+0xf5/0x159 [ 2499.992116][ T8718] dump_header+0xaa/0x449 [ 2499.996479][ T8718] oom_kill_process.cold+0x10/0x15 [ 2500.001781][ T8718] out_of_memory+0x231/0xa00 [ 2500.006371][ T8718] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2500.012082][ T8718] mem_cgroup_out_of_memory+0x128/0x150 [ 2500.017641][ T8718] try_charge+0xb3a/0xbc0 [ 2500.022017][ T8718] ? rcu_note_context_switch+0x700/0x760 [ 2500.027651][ T8718] mem_cgroup_try_charge+0xd2/0x260 [ 2500.032979][ T8718] __add_to_page_cache_locked+0x163/0x780 [ 2500.038703][ T8718] ? __read_once_size.constprop.0+0x20/0x20 [ 2500.044689][ T8718] add_to_page_cache_lru+0xe2/0x2d0 [ 2500.049881][ T8718] pagecache_get_page+0x2ab/0x760 [ 2500.054959][ T8718] grab_cache_page_write_begin+0x5d/0x90 [ 2500.060592][ T8718] ext4_da_write_begin+0x175/0x7e0 [ 2500.065736][ T8718] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2500.071416][ T8718] generic_perform_write+0x136/0x320 [ 2500.076701][ T8718] __generic_file_write_iter+0x251/0x380 [ 2500.082350][ T8718] ext4_file_write_iter+0x1bd/0xa00 [ 2500.087546][ T8718] new_sync_write+0x388/0x4a0 [ 2500.092228][ T8718] __vfs_write+0xb1/0xc0 [ 2500.096508][ T8718] vfs_write+0x18a/0x390 [ 2500.100814][ T8718] ksys_write+0xd5/0x1b0 [ 2500.105062][ T8718] __x64_sys_write+0x4c/0x60 [ 2500.109712][ T8718] do_syscall_64+0xcc/0x370 [ 2500.114209][ T8718] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2500.120157][ T8718] RIP: 0033:0x459f39 [ 2500.124051][ T8718] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2500.143671][ T8718] RSP: 002b:00007f392f7c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2500.152139][ T8718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2500.160112][ T8718] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2500.168072][ T8718] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2500.176068][ T8718] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f392f7c16d4 [ 2500.184032][ T8718] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2500.194959][ T8718] memory: usage 4820kB, limit 0kB, failcnt 5139 [ 2500.201309][ T8718] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2500.208583][ T8718] Memory cgroup stats for /syz1: [ 2500.215222][ T8718] anon 4268032 [ 2500.215222][ T8718] file 0 [ 2500.215222][ T8718] kernel_stack 36864 [ 2500.215222][ T8718] slab 184320 [ 2500.215222][ T8718] sock 0 [ 2500.215222][ T8718] shmem 0 [ 2500.215222][ T8718] file_mapped 0 [ 2500.215222][ T8718] file_dirty 0 [ 2500.215222][ T8718] file_writeback 0 [ 2500.215222][ T8718] anon_thp 4194304 [ 2500.215222][ T8718] inactive_anon 0 [ 2500.215222][ T8718] active_anon 4268032 [ 2500.215222][ T8718] inactive_file 0 [ 2500.215222][ T8718] active_file 0 [ 2500.215222][ T8718] unevictable 0 [ 2500.215222][ T8718] slab_reclaimable 135168 [ 2500.215222][ T8718] slab_unreclaimable 49152 [ 2500.215222][ T8718] pgfault 101211 [ 2500.215222][ T8718] pgmajfault 0 [ 2500.215222][ T8718] workingset_refault 0 [ 2500.215222][ T8718] workingset_activate 0 [ 2500.215222][ T8718] workingset_nodereclaim 1518 [ 2500.215222][ T8718] pgrefill 49886 [ 2500.215222][ T8718] pgscan 531863 [ 2500.215222][ T8718] pgsteal 186617 [ 2500.215222][ T8718] pgactivate 132165 [ 2500.311392][ T8718] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8717,uid=0 [ 2500.327096][ T8718] Memory cgroup out of memory: Killed process 8717 (syz-executor.1) total-vm:72852kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 2500.350651][ T1062] oom_reaper: reaped process 8717 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:11 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={0x0, 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:11 executing program 0: [ 2500.452142][ T8711] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2500.462233][ T8711] CPU: 0 PID: 8711 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2500.470043][ T8711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2500.480203][ T8711] Call Trace: [ 2500.483552][ T8711] dump_stack+0xf5/0x159 [ 2500.487820][ T8711] dump_header+0xaa/0x449 [ 2500.492199][ T8711] oom_kill_process.cold+0x10/0x15 [ 2500.497342][ T8711] out_of_memory+0x231/0xa00 [ 2500.503125][ T8711] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2500.508791][ T8711] mem_cgroup_out_of_memory+0x128/0x150 [ 2500.514423][ T8711] try_charge+0xb3a/0xbc0 [ 2500.518878][ T8711] ? rcu_note_context_switch+0x700/0x760 [ 2500.524572][ T8711] mem_cgroup_try_charge+0xd2/0x260 [ 2500.529833][ T8711] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2500.535574][ T8711] wp_page_copy+0x322/0x1160 [ 2500.540184][ T8711] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2500.545849][ T8711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2500.552111][ T8711] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2500.557864][ T8711] do_wp_page+0x192/0x11f0 [ 2500.562303][ T8711] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2500.567970][ T8711] __handle_mm_fault+0x1c07/0x2cb0 [ 2500.573183][ T8711] handle_mm_fault+0x21b/0x530 [ 2500.577976][ T8711] __do_page_fault+0x3fb/0x9e0 [ 2500.582777][ T8711] do_page_fault+0x54/0x233 [ 2500.587298][ T8711] ? do_syscall_64+0x270/0x370 [ 2500.592160][ T8711] page_fault+0x34/0x40 [ 2500.596321][ T8711] RIP: 0033:0x403a42 [ 2500.600238][ T8711] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 19 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 39 44 05 00 48 [ 2500.619999][ T8711] RSP: 002b:00007ffe58464dc0 EFLAGS: 00010246 [ 2500.626075][ T8711] RAX: 0000000000000000 RBX: 000000000026249b RCX: 00000000004139f0 [ 2500.634127][ T8711] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe58465ef0 [ 2500.642108][ T8711] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001d39940 07:50:11 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x0, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) 07:50:11 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400)}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:11 executing program 4: 07:50:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(0xffffffffffffffff) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:11 executing program 4: 07:50:11 executing program 0: [ 2500.650136][ T8711] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe58465ef0 [ 2500.658184][ T8711] R13: 00007ffe58465ee0 R14: 0000000000000000 R15: 00007ffe58465ef0 [ 2500.709746][ T25] audit: type=1804 audit(1572076211.491:131): pid=8725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2282/bus" dev="sda1" ino=16547 res=1 [ 2500.781768][ T25] audit: type=1804 audit(1572076211.521:132): pid=8725 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2282/bus" dev="sda1" ino=16547 res=1 07:50:11 executing program 0: 07:50:11 executing program 4: [ 2500.945363][ T8711] memory: usage 408kB, limit 0kB, failcnt 5150 [ 2500.952871][ T8711] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2500.985090][ T8711] Memory cgroup stats for /syz1: [ 2500.986520][ T8711] anon 57344 [ 2500.986520][ T8711] file 0 [ 2500.986520][ T8711] kernel_stack 36864 [ 2500.986520][ T8711] slab 184320 [ 2500.986520][ T8711] sock 0 [ 2500.986520][ T8711] shmem 0 [ 2500.986520][ T8711] file_mapped 0 [ 2500.986520][ T8711] file_dirty 0 [ 2500.986520][ T8711] file_writeback 0 [ 2500.986520][ T8711] anon_thp 0 [ 2500.986520][ T8711] inactive_anon 0 [ 2500.986520][ T8711] active_anon 57344 [ 2500.986520][ T8711] inactive_file 0 [ 2500.986520][ T8711] active_file 0 07:50:11 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfffffffffffffe6e) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x65a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080), 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x0, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 2500.986520][ T8711] unevictable 0 [ 2500.986520][ T8711] slab_reclaimable 135168 [ 2500.986520][ T8711] slab_unreclaimable 49152 [ 2500.986520][ T8711] pgfault 101211 [ 2500.986520][ T8711] pgmajfault 0 [ 2500.986520][ T8711] workingset_refault 0 [ 2500.986520][ T8711] workingset_activate 0 [ 2500.986520][ T8711] workingset_nodereclaim 1584 [ 2500.986520][ T8711] pgrefill 49886 [ 2500.986520][ T8711] pgscan 531863 [ 2500.986520][ T8711] pgsteal 186617 [ 2500.986520][ T8711] pgactivate 132165 07:50:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(0xffffffffffffffff) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2501.274496][ T25] audit: type=1804 audit(1572076212.051:133): pid=8739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2283/bus" dev="sda1" ino=16817 res=1 [ 2501.370644][ T25] audit: type=1804 audit(1572076212.101:134): pid=8739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2283/bus" dev="sda1" ino=16817 res=1 [ 2501.455134][ T8711] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8711,uid=0 [ 2501.595009][ T8711] Memory cgroup out of memory: Killed process 8711 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 07:50:12 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400)}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:12 executing program 4: 07:50:12 executing program 0: [ 2502.135598][ T7318] device bridge_slave_1 left promiscuous mode [ 2502.141915][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2502.175939][ T7318] device bridge_slave_0 left promiscuous mode [ 2502.182173][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2502.975153][ T7318] device hsr_slave_0 left promiscuous mode [ 2503.065268][ T7318] device hsr_slave_1 left promiscuous mode [ 2503.128411][ T7318] team0 (unregistering): Port device team_slave_1 removed [ 2503.139327][ T7318] team0 (unregistering): Port device team_slave_0 removed [ 2503.151363][ T7318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2503.220069][ T7318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2503.290526][ T7318] bond0 (unregistering): Released all slaves [ 2503.413669][ T8748] IPVS: ftp: loaded support on port[0] = 21 [ 2503.476744][ T8748] chnl_net:caif_netlink_parms(): no params data found [ 2503.565027][ T8748] bridge0: port 1(bridge_slave_0) entered blocking state [ 2503.572176][ T8748] bridge0: port 1(bridge_slave_0) entered disabled state [ 2503.584723][ T8748] device bridge_slave_0 entered promiscuous mode [ 2503.592724][ T8748] bridge0: port 2(bridge_slave_1) entered blocking state [ 2503.604122][ T8748] bridge0: port 2(bridge_slave_1) entered disabled state [ 2503.612256][ T8748] device bridge_slave_1 entered promiscuous mode [ 2503.644533][ T8748] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2503.659914][ T8748] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2503.687494][ T8748] team0: Port device team_slave_0 added [ 2503.694540][ T8748] team0: Port device team_slave_1 added [ 2503.768432][ T8748] device hsr_slave_0 entered promiscuous mode [ 2503.805316][ T8748] device hsr_slave_1 entered promiscuous mode [ 2503.844945][ T8748] debugfs: Directory 'hsr0' with parent '/' already present! [ 2503.866498][ T8748] bridge0: port 2(bridge_slave_1) entered blocking state [ 2503.873577][ T8748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2503.880964][ T8748] bridge0: port 1(bridge_slave_0) entered blocking state [ 2503.888071][ T8748] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2503.942275][ T8748] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2503.961138][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2503.970002][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2503.983558][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2504.004828][ T8748] 8021q: adding VLAN 0 to HW filter on device team0 [ 2504.022006][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2504.031137][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 2504.038216][ T5750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2504.068530][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2504.077216][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2504.084258][ T6155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2504.094498][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2504.109975][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2504.129873][ T8748] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2504.140378][ T8748] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2504.153473][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2504.162305][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2504.171385][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2504.180309][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2504.197867][ T8748] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2504.541375][ T8758] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2504.551814][ T8758] CPU: 1 PID: 8758 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2504.559604][ T8758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2504.569640][ T8758] Call Trace: [ 2504.572921][ T8758] dump_stack+0xf5/0x159 [ 2504.577159][ T8758] dump_header+0xaa/0x449 [ 2504.581525][ T8758] oom_kill_process.cold+0x10/0x15 [ 2504.586628][ T8758] out_of_memory+0x231/0xa00 [ 2504.591244][ T8758] mem_cgroup_out_of_memory+0x128/0x150 [ 2504.596815][ T8758] memory_max_write+0x17b/0x250 [ 2504.601685][ T8758] cgroup_file_write+0x119/0x320 [ 2504.606615][ T8758] ? high_work_func+0x30/0x30 [ 2504.611285][ T8758] kernfs_fop_write+0x1f4/0x2e0 [ 2504.616125][ T8758] ? cgroup_css.part.0+0x90/0x90 [ 2504.621058][ T8758] __vfs_write+0x67/0xc0 [ 2504.625371][ T8758] ? kernfs_seq_show+0xe0/0xe0 [ 2504.630172][ T8758] vfs_write+0x18a/0x390 [ 2504.634413][ T8758] ksys_write+0xd5/0x1b0 [ 2504.638649][ T8758] __x64_sys_write+0x4c/0x60 [ 2504.643281][ T8758] do_syscall_64+0xcc/0x370 [ 2504.647776][ T8758] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2504.653653][ T8758] RIP: 0033:0x459f39 [ 2504.657558][ T8758] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2504.677176][ T8758] RSP: 002b:00007fb34bcafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2504.685574][ T8758] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2504.693531][ T8758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2504.701495][ T8758] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2504.709463][ T8758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb34bcb06d4 [ 2504.717434][ T8758] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2504.728247][ T8758] memory: usage 6840kB, limit 0kB, failcnt 4784 [ 2504.734585][ T8758] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2504.741559][ T8758] Memory cgroup stats for /syz2: [ 2504.741757][ T8758] anon 6414336 [ 2504.741757][ T8758] file 0 [ 2504.741757][ T8758] kernel_stack 36864 [ 2504.741757][ T8758] slab 241664 [ 2504.741757][ T8758] sock 0 [ 2504.741757][ T8758] shmem 0 [ 2504.741757][ T8758] file_mapped 0 [ 2504.741757][ T8758] file_dirty 0 [ 2504.741757][ T8758] file_writeback 0 [ 2504.741757][ T8758] anon_thp 6291456 [ 2504.741757][ T8758] inactive_anon 135168 [ 2504.741757][ T8758] active_anon 6414336 [ 2504.741757][ T8758] inactive_file 8192 [ 2504.741757][ T8758] active_file 77824 [ 2504.741757][ T8758] unevictable 0 [ 2504.741757][ T8758] slab_reclaimable 135168 [ 2504.741757][ T8758] slab_unreclaimable 106496 [ 2504.741757][ T8758] pgfault 110385 [ 2504.741757][ T8758] pgmajfault 0 [ 2504.741757][ T8758] workingset_refault 0 [ 2504.741757][ T8758] workingset_activate 0 [ 2504.741757][ T8758] workingset_nodereclaim 1947 [ 2504.741757][ T8758] pgrefill 79754 [ 2504.741757][ T8758] pgscan 648351 [ 2504.741757][ T8758] pgsteal 204273 [ 2504.836440][ T8758] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8754,uid=0 [ 2504.851953][ T8758] Memory cgroup out of memory: Killed process 8754 (syz-executor.2) total-vm:72852kB, anon-rss:6236kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2504.871828][ T1062] oom_reaper: reaped process 8754 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:15 executing program 3: 07:50:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) sendfile(0xffffffffffffffff, r3, &(0x7f00000001c0), 0x49d0f958) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(0xffffffffffffffff) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:15 executing program 0: 07:50:15 executing program 4: 07:50:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x0, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:15 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400)}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2505.006640][ T8748] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2505.039934][ T8748] CPU: 1 PID: 8748 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2505.047816][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2505.057877][ T8748] Call Trace: [ 2505.061194][ T8748] dump_stack+0xf5/0x159 [ 2505.065473][ T8748] dump_header+0xaa/0x449 [ 2505.069866][ T8748] oom_kill_process.cold+0x10/0x15 [ 2505.075012][ T8748] out_of_memory+0x231/0xa00 [ 2505.079625][ T8748] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2505.085295][ T8748] mem_cgroup_out_of_memory+0x128/0x150 [ 2505.090863][ T8748] try_charge+0xb3a/0xbc0 [ 2505.095232][ T8748] ? rcu_note_context_switch+0x700/0x760 [ 2505.100958][ T8748] mem_cgroup_try_charge+0xd2/0x260 [ 2505.106183][ T8748] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2505.111899][ T8748] wp_page_copy+0x322/0x1160 [ 2505.116505][ T8748] ? preempt_schedule+0x30/0x40 [ 2505.121409][ T8748] ? ___preempt_schedule+0x16/0x20 [ 2505.126624][ T8748] do_wp_page+0x192/0x11f0 [ 2505.131060][ T8748] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2505.136755][ T8748] __handle_mm_fault+0x1c07/0x2cb0 [ 2505.142005][ T8748] handle_mm_fault+0x21b/0x530 [ 2505.146808][ T8748] __do_page_fault+0x3fb/0x9e0 [ 2505.151682][ T8748] do_page_fault+0x54/0x233 07:50:15 executing program 0: [ 2505.156227][ T8748] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2505.161976][ T8748] page_fault+0x34/0x40 [ 2505.166143][ T8748] RIP: 0033:0x431016 [ 2505.170079][ T8748] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2505.189718][ T8748] RSP: 002b:00007fffbc2d3630 EFLAGS: 00010206 [ 2505.195794][ T8748] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2505.203769][ T8748] RDX: 0000000000b02930 RSI: 0000000000b0a970 RDI: 0000000000000003 [ 2505.211748][ T8748] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000b01940 [ 2505.219733][ T8748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2505.227706][ T8748] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2505.250275][ T25] audit: type=1804 audit(1572076216.031:135): pid=8763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2284/bus" dev="sda1" ino=16690 res=1 07:50:16 executing program 3: [ 2505.317704][ T8748] memory: usage 388kB, limit 0kB, failcnt 4793 [ 2505.323902][ T8748] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2505.331777][ T25] audit: type=1804 audit(1572076216.061:136): pid=8763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2284/bus" dev="sda1" ino=16690 res=1 [ 2505.362045][ T8748] Memory cgroup stats for /syz2: [ 2505.362270][ T8748] anon 69632 [ 2505.362270][ T8748] file 0 [ 2505.362270][ T8748] kernel_stack 36864 [ 2505.362270][ T8748] slab 241664 [ 2505.362270][ T8748] sock 0 [ 2505.362270][ T8748] shmem 0 [ 2505.362270][ T8748] file_mapped 0 [ 2505.362270][ T8748] file_dirty 0 [ 2505.362270][ T8748] file_writeback 0 [ 2505.362270][ T8748] anon_thp 0 [ 2505.362270][ T8748] inactive_anon 135168 [ 2505.362270][ T8748] active_anon 69632 [ 2505.362270][ T8748] inactive_file 8192 [ 2505.362270][ T8748] active_file 77824 [ 2505.362270][ T8748] unevictable 0 07:50:16 executing program 0: 07:50:16 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x17) r4 = socket(0x2, 0x803, 0xff) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r5 = dup(r4) r6 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x200004) sendfile(r5, r6, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:16 executing program 4: [ 2505.362270][ T8748] slab_reclaimable 135168 [ 2505.362270][ T8748] slab_unreclaimable 106496 [ 2505.362270][ T8748] pgfault 110385 [ 2505.362270][ T8748] pgmajfault 0 [ 2505.362270][ T8748] workingset_refault 0 [ 2505.362270][ T8748] workingset_activate 0 [ 2505.362270][ T8748] workingset_nodereclaim 1947 [ 2505.362270][ T8748] pgrefill 79754 [ 2505.362270][ T8748] pgscan 648351 [ 2505.362270][ T8748] pgsteal 204273 [ 2505.362270][ T8748] pgactivate 178959 07:50:16 executing program 3: [ 2505.641934][ T25] audit: type=1804 audit(1572076216.421:137): pid=8772 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2285/bus" dev="sda1" ino=16690 res=1 07:50:16 executing program 0: 07:50:16 executing program 4: [ 2505.775057][ T25] audit: type=1804 audit(1572076216.481:138): pid=8773 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2285/bus" dev="sda1" ino=16690 res=1 [ 2505.920846][ T8748] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8748,uid=0 07:50:16 executing program 3: 07:50:16 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x1bd, 0x68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff, 0x2, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, 0x0}, 0x40000) sendmsg$TIPC_NL_LINK_RESET_STATS(r0, 0x0, 0x0) write$input_event(r1, &(0x7f0000000240)={{}, 0x0, 0x8, 0xff}, 0x18) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000740)={0x7f, {{0xa, 0x4e21, 0xbbf, @remote, 0xfffffff9}}}, 0x88) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000200)={0x8000000, 0xfffffff8, 0x28}) ioctl(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x803, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@empty, 0x0, 0x3c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8) sendmmsg(r3, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x400000000000107, 0x0) getpeername$packet(r2, 0x0, &(0x7f00000003c0)) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000400)={@mcast1}) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, 0x0, 0x0) [ 2505.998742][ T8748] Memory cgroup out of memory: Killed process 8748 (syz-executor.2) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:118784kB oom_score_adj:0 [ 2506.245182][ T1062] oom_reaper: reaped process 8748 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:50:17 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x0, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2506.745061][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2506.750856][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2507.015802][ T7318] device bridge_slave_1 left promiscuous mode [ 2507.021992][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2507.075772][ T7318] device bridge_slave_0 left promiscuous mode [ 2507.082105][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2507.935322][ T7318] device hsr_slave_0 left promiscuous mode [ 2507.975096][ T7318] device hsr_slave_1 left promiscuous mode [ 2508.032651][ T7318] team0 (unregistering): Port device team_slave_1 removed [ 2508.043544][ T7318] team0 (unregistering): Port device team_slave_0 removed [ 2508.054200][ T7318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2508.110206][ T7318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2508.172007][ T7318] bond0 (unregistering): Released all slaves [ 2508.274317][ T8793] IPVS: ftp: loaded support on port[0] = 21 [ 2508.340123][ T8793] chnl_net:caif_netlink_parms(): no params data found [ 2508.439826][ T8793] bridge0: port 1(bridge_slave_0) entered blocking state [ 2508.447048][ T8793] bridge0: port 1(bridge_slave_0) entered disabled state [ 2508.459925][ T8793] device bridge_slave_0 entered promiscuous mode [ 2508.467972][ T8793] bridge0: port 2(bridge_slave_1) entered blocking state [ 2508.479976][ T8793] bridge0: port 2(bridge_slave_1) entered disabled state [ 2508.488517][ T8793] device bridge_slave_1 entered promiscuous mode [ 2508.520465][ T8793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2508.532266][ T8793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2508.563280][ T8793] team0: Port device team_slave_0 added [ 2508.572175][ T8793] team0: Port device team_slave_1 added [ 2508.649553][ T8793] device hsr_slave_0 entered promiscuous mode [ 2508.705338][ T8793] device hsr_slave_1 entered promiscuous mode [ 2508.754957][ T8793] debugfs: Directory 'hsr0' with parent '/' already present! [ 2508.776566][ T8793] bridge0: port 2(bridge_slave_1) entered blocking state [ 2508.783671][ T8793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2508.791010][ T8793] bridge0: port 1(bridge_slave_0) entered blocking state [ 2508.798078][ T8793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2508.851879][ T8793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2508.870974][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2508.879767][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2508.893629][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2508.914833][ T8793] 8021q: adding VLAN 0 to HW filter on device team0 [ 2508.932152][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2508.941024][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 2508.948100][ T5750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2508.986864][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2508.998229][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2509.005321][ T6155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2509.015966][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2509.024953][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2509.033689][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2509.042380][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2509.058662][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2509.068737][ T8793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2509.093471][ T8793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2509.598680][ T8803] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2509.608937][ T8803] CPU: 0 PID: 8803 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2509.616744][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2509.626799][ T8803] Call Trace: [ 2509.630093][ T8803] dump_stack+0xf5/0x159 [ 2509.634327][ T8803] dump_header+0xaa/0x449 [ 2509.638662][ T8803] oom_kill_process.cold+0x10/0x15 [ 2509.643828][ T8803] out_of_memory+0x231/0xa00 [ 2509.648435][ T8803] mem_cgroup_out_of_memory+0x128/0x150 [ 2509.653991][ T8803] memory_max_write+0x17b/0x250 [ 2509.658834][ T8803] cgroup_file_write+0x119/0x320 [ 2509.663761][ T8803] ? high_work_func+0x30/0x30 [ 2509.668446][ T8803] kernfs_fop_write+0x1f4/0x2e0 [ 2509.673344][ T8803] ? cgroup_css.part.0+0x90/0x90 [ 2509.678274][ T8803] __vfs_write+0x67/0xc0 [ 2509.682553][ T8803] ? kernfs_seq_show+0xe0/0xe0 [ 2509.687329][ T8803] vfs_write+0x18a/0x390 [ 2509.691570][ T8803] ksys_write+0xd5/0x1b0 [ 2509.695804][ T8803] __x64_sys_write+0x4c/0x60 [ 2509.700450][ T8803] do_syscall_64+0xcc/0x370 [ 2509.704977][ T8803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2509.710867][ T8803] RIP: 0033:0x459f39 [ 2509.714756][ T8803] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2509.734368][ T8803] RSP: 002b:00007fab7d441c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2509.742770][ T8803] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2509.750726][ T8803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2509.758705][ T8803] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2509.766692][ T8803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fab7d4426d4 [ 2509.774661][ T8803] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2509.783091][ T8803] memory: usage 4780kB, limit 0kB, failcnt 5176 [ 2509.789582][ T8803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2509.796599][ T8803] Memory cgroup stats for /syz1: [ 2509.796807][ T8803] anon 4366336 [ 2509.796807][ T8803] file 188416 [ 2509.796807][ T8803] kernel_stack 36864 [ 2509.796807][ T8803] slab 184320 [ 2509.796807][ T8803] sock 0 [ 2509.796807][ T8803] shmem 0 [ 2509.796807][ T8803] file_mapped 0 [ 2509.796807][ T8803] file_dirty 0 [ 2509.796807][ T8803] file_writeback 0 [ 2509.796807][ T8803] anon_thp 4194304 [ 2509.796807][ T8803] inactive_anon 0 [ 2509.796807][ T8803] active_anon 4366336 [ 2509.796807][ T8803] inactive_file 188416 [ 2509.796807][ T8803] active_file 155648 [ 2509.796807][ T8803] unevictable 0 [ 2509.796807][ T8803] slab_reclaimable 135168 [ 2509.796807][ T8803] slab_unreclaimable 49152 [ 2509.796807][ T8803] pgfault 101277 [ 2509.796807][ T8803] pgmajfault 0 [ 2509.796807][ T8803] workingset_refault 0 [ 2509.796807][ T8803] workingset_activate 0 [ 2509.796807][ T8803] workingset_nodereclaim 1584 [ 2509.796807][ T8803] pgrefill 52973 [ 2509.796807][ T8803] pgscan 541039 [ 2509.796807][ T8803] pgsteal 188516 [ 2509.890078][ T8803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8799,uid=0 [ 2509.905588][ T8803] Memory cgroup out of memory: Killed process 8799 (syz-executor.1) total-vm:72852kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2509.925909][ T1062] oom_reaper: reaped process 8799 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:20 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400)}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:20 executing program 0: 07:50:20 executing program 3: 07:50:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:20 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x0, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:20 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x1bd, 0x68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff, 0x2, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, 0x0}, 0x40000) sendmsg$TIPC_NL_LINK_RESET_STATS(r0, 0x0, 0x0) write$input_event(r1, &(0x7f0000000240)={{}, 0x0, 0x8, 0xff}, 0x18) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000740)={0x7f, {{0xa, 0x4e21, 0xbbf, @remote, 0xfffffff9}}}, 0x88) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000200)={0x8000000, 0xfffffff8, 0x28}) ioctl(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x803, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@empty, 0x0, 0x3c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8) sendmmsg(r3, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x400000000000107, 0x0) getpeername$packet(r2, 0x0, &(0x7f00000003c0)) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000400)={@mcast1}) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, 0x0, 0x0) [ 2510.036705][ T8793] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2510.074990][ T8793] CPU: 1 PID: 8793 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2510.082865][ T8793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2510.092925][ T8793] Call Trace: [ 2510.096241][ T8793] dump_stack+0xf5/0x159 [ 2510.100517][ T8793] dump_header+0xaa/0x449 [ 2510.104928][ T8793] oom_kill_process.cold+0x10/0x15 [ 2510.110126][ T8793] out_of_memory+0x231/0xa00 [ 2510.114740][ T8793] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2510.120404][ T8793] mem_cgroup_out_of_memory+0x128/0x150 [ 2510.125986][ T8793] try_charge+0xb3a/0xbc0 [ 2510.130367][ T8793] ? rcu_note_context_switch+0x700/0x760 [ 2510.136068][ T8793] mem_cgroup_try_charge+0xd2/0x260 [ 2510.136934][ T25] audit: type=1804 audit(1572076220.861:139): pid=8808 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2286/bus" dev="sda1" ino=16722 res=1 [ 2510.141368][ T8793] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2510.171428][ T8793] wp_page_copy+0x322/0x1160 [ 2510.176045][ T8793] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2510.181723][ T8793] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2510.187398][ T8793] do_wp_page+0x192/0x11f0 [ 2510.191834][ T8793] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2510.194992][ T25] audit: type=1804 audit(1572076220.861:140): pid=8808 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2286/bus" dev="sda1" ino=16722 res=1 [ 2510.197513][ T8793] __handle_mm_fault+0x1c07/0x2cb0 [ 2510.226554][ T8793] handle_mm_fault+0x21b/0x530 [ 2510.231355][ T8793] __do_page_fault+0x3fb/0x9e0 [ 2510.236218][ T8793] do_page_fault+0x54/0x233 [ 2510.240839][ T8793] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2510.246699][ T8793] page_fault+0x34/0x40 [ 2510.250942][ T8793] RIP: 0033:0x431016 [ 2510.254903][ T8793] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2510.274541][ T8793] RSP: 002b:00007ffc297c9850 EFLAGS: 00010206 07:50:21 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x1bd, 0x68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1ff, 0x2, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x200006) splice(r0, 0x0, r1, 0x0, 0x55aa40be, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, 0x0}, 0x40000) sendmsg$TIPC_NL_LINK_RESET_STATS(r0, 0x0, 0x0) write$input_event(r1, &(0x7f0000000240)={{}, 0x0, 0x8, 0xff}, 0x18) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000740)={0x7f, {{0xa, 0x4e21, 0xbbf, @remote, 0xfffffff9}}}, 0x88) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000200)={0x8000000, 0xfffffff8, 0x28}) ioctl(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x803, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@empty, 0x0, 0x3c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8) sendmmsg(r3, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x400000000000107, 0x0) getpeername$packet(r2, 0x0, &(0x7f00000003c0)) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000400)={@mcast1}) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, 0x0, 0x0) 07:50:21 executing program 0: [ 2510.280624][ T8793] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2510.288610][ T8793] RDX: 000000000150f930 RSI: 0000000001517970 RDI: 0000000000000003 [ 2510.296633][ T8793] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000150e940 [ 2510.304626][ T8793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2510.312679][ T8793] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:50:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:50:21 executing program 0: [ 2510.614980][ T8793] memory: usage 372kB, limit 0kB, failcnt 5191 [ 2510.621193][ T8793] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2510.665356][ T8793] Memory cgroup stats for /syz1: [ 2510.665706][ T8793] anon 102400 [ 2510.665706][ T8793] file 188416 [ 2510.665706][ T8793] kernel_stack 0 [ 2510.665706][ T8793] slab 184320 [ 2510.665706][ T8793] sock 0 [ 2510.665706][ T8793] shmem 0 [ 2510.665706][ T8793] file_mapped 0 [ 2510.665706][ T8793] file_dirty 0 [ 2510.665706][ T8793] file_writeback 0 [ 2510.665706][ T8793] anon_thp 0 [ 2510.665706][ T8793] inactive_anon 0 [ 2510.665706][ T8793] active_anon 102400 [ 2510.665706][ T8793] inactive_file 188416 [ 2510.665706][ T8793] active_file 155648 [ 2510.665706][ T8793] unevictable 0 [ 2510.665706][ T8793] slab_reclaimable 135168 [ 2510.665706][ T8793] slab_unreclaimable 49152 [ 2510.665706][ T8793] pgfault 101277 [ 2510.665706][ T8793] pgmajfault 0 [ 2510.665706][ T8793] workingset_refault 0 [ 2510.665706][ T8793] workingset_activate 0 [ 2510.665706][ T8793] workingset_nodereclaim 1584 [ 2510.665706][ T8793] pgrefill 52973 [ 2510.665706][ T8793] pgscan 541039 [ 2510.665706][ T8793] pgsteal 188516 [ 2510.665706][ T8793] pgactivate 136554 [ 2510.905112][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2510.910969][ C1] protocol 88fb is buggy, dev hsr_slave_1 07:50:21 executing program 0: 07:50:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2511.051353][ T8793] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8793,uid=0 [ 2511.114947][ T8793] Memory cgroup out of memory: Killed process 8793 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2511.176340][ T1062] oom_reaper: reaped process 8793 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 07:50:22 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x0, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:22 executing program 4: 07:50:22 executing program 0: 07:50:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2512.085846][ T7318] device bridge_slave_1 left promiscuous mode [ 2512.092075][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2512.145798][ T7318] device bridge_slave_0 left promiscuous mode [ 2512.152012][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2513.015468][ T7318] device hsr_slave_0 left promiscuous mode [ 2513.055188][ T7318] device hsr_slave_1 left promiscuous mode [ 2513.103626][ T7318] team0 (unregistering): Port device team_slave_1 removed [ 2513.114396][ T7318] team0 (unregistering): Port device team_slave_0 removed [ 2513.126519][ T7318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2513.159921][ T7318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2513.241098][ T7318] bond0 (unregistering): Released all slaves [ 2513.372754][ T8842] IPVS: ftp: loaded support on port[0] = 21 [ 2513.448015][ T8842] chnl_net:caif_netlink_parms(): no params data found [ 2513.479892][ T8842] bridge0: port 1(bridge_slave_0) entered blocking state [ 2513.487049][ T8842] bridge0: port 1(bridge_slave_0) entered disabled state [ 2513.494880][ T8842] device bridge_slave_0 entered promiscuous mode [ 2513.502379][ T8842] bridge0: port 2(bridge_slave_1) entered blocking state [ 2513.509643][ T8842] bridge0: port 2(bridge_slave_1) entered disabled state [ 2513.517720][ T8842] device bridge_slave_1 entered promiscuous mode [ 2513.538541][ T8842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2513.549574][ T8842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2513.616334][ T8842] team0: Port device team_slave_0 added [ 2513.624478][ T8842] team0: Port device team_slave_1 added [ 2513.708068][ T8842] device hsr_slave_0 entered promiscuous mode [ 2513.745341][ T8842] device hsr_slave_1 entered promiscuous mode [ 2513.785021][ T8842] debugfs: Directory 'hsr0' with parent '/' already present! [ 2513.803203][ T8842] bridge0: port 2(bridge_slave_1) entered blocking state [ 2513.810314][ T8842] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2513.817714][ T8842] bridge0: port 1(bridge_slave_0) entered blocking state [ 2513.824756][ T8842] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2513.880336][ T8842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2513.894747][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2513.908525][ T5583] bridge0: port 1(bridge_slave_0) entered disabled state [ 2513.919958][ T5583] bridge0: port 2(bridge_slave_1) entered disabled state [ 2513.940568][ T8842] 8021q: adding VLAN 0 to HW filter on device team0 [ 2513.955615][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2513.964089][ T5583] bridge0: port 1(bridge_slave_0) entered blocking state [ 2513.971226][ T5583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2513.999264][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2514.008562][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2514.015635][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2514.030387][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2514.042793][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2514.054792][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2514.068476][ T8842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2514.084018][ T8842] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2514.093493][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2514.107152][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2514.132821][ T8842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2514.565426][ T8852] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2514.575759][ T8852] CPU: 0 PID: 8852 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2514.583593][ T8852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2514.593680][ T8852] Call Trace: [ 2514.596972][ T8852] dump_stack+0xf5/0x159 [ 2514.601210][ T8852] dump_header+0xaa/0x449 [ 2514.605555][ T8852] oom_kill_process.cold+0x10/0x15 [ 2514.610674][ T8852] out_of_memory+0x231/0xa00 [ 2514.615261][ T8852] mem_cgroup_out_of_memory+0x128/0x150 [ 2514.620801][ T8852] memory_max_write+0x17b/0x250 [ 2514.625667][ T8852] cgroup_file_write+0x119/0x320 [ 2514.630608][ T8852] ? high_work_func+0x30/0x30 [ 2514.635423][ T8852] kernfs_fop_write+0x1f4/0x2e0 [ 2514.640280][ T8852] ? cgroup_css.part.0+0x90/0x90 [ 2514.645236][ T8852] __vfs_write+0x67/0xc0 [ 2514.649501][ T8852] ? kernfs_seq_show+0xe0/0xe0 [ 2514.654272][ T8852] vfs_write+0x18a/0x390 [ 2514.658598][ T8852] ksys_write+0xd5/0x1b0 [ 2514.662878][ T8852] __x64_sys_write+0x4c/0x60 [ 2514.667494][ T8852] do_syscall_64+0xcc/0x370 [ 2514.671998][ T8852] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2514.677884][ T8852] RIP: 0033:0x459f39 [ 2514.681785][ T8852] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2514.701424][ T8852] RSP: 002b:00007f5948d12c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2514.709830][ T8852] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2514.717785][ T8852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2514.725765][ T8852] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2514.733758][ T8852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5948d136d4 [ 2514.741747][ T8852] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2514.752334][ T8852] memory: usage 6848kB, limit 0kB, failcnt 4817 [ 2514.758754][ T8852] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2514.765760][ T8852] Memory cgroup stats for /syz2: [ 2514.765968][ T8852] anon 6369280 [ 2514.765968][ T8852] file 241664 [ 2514.765968][ T8852] kernel_stack 36864 [ 2514.765968][ T8852] slab 241664 [ 2514.765968][ T8852] sock 0 [ 2514.765968][ T8852] shmem 0 [ 2514.765968][ T8852] file_mapped 0 [ 2514.765968][ T8852] file_dirty 0 [ 2514.765968][ T8852] file_writeback 0 [ 2514.765968][ T8852] anon_thp 6291456 [ 2514.765968][ T8852] inactive_anon 135168 [ 2514.765968][ T8852] active_anon 6369280 [ 2514.765968][ T8852] inactive_file 221184 [ 2514.765968][ T8852] active_file 77824 [ 2514.765968][ T8852] unevictable 0 [ 2514.765968][ T8852] slab_reclaimable 135168 [ 2514.765968][ T8852] slab_unreclaimable 106496 [ 2514.765968][ T8852] pgfault 110451 [ 2514.765968][ T8852] pgmajfault 0 [ 2514.765968][ T8852] workingset_refault 0 [ 2514.765968][ T8852] workingset_activate 0 [ 2514.765968][ T8852] workingset_nodereclaim 1947 [ 2514.765968][ T8852] pgrefill 79788 [ 2514.765968][ T8852] pgscan 653696 [ 2514.765968][ T8852] pgsteal 206161 [ 2514.860684][ T8852] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8849,uid=0 [ 2514.876492][ T8852] Memory cgroup out of memory: Killed process 8849 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2514.896519][ T1062] oom_reaper: reaped process 8849 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x0, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:25 executing program 3: 07:50:25 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x0, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:25 executing program 4: 07:50:25 executing program 0: 07:50:25 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r0 = socket(0x2, 0x803, 0xff) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r1 = dup(r0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x200004) sendfile(r1, r2, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 2515.026135][ T8842] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2515.052036][ T8842] CPU: 0 PID: 8842 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2515.059892][ T8842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2515.069980][ T8842] Call Trace: [ 2515.073302][ T8842] dump_stack+0xf5/0x159 [ 2515.077578][ T8842] dump_header+0xaa/0x449 [ 2515.081958][ T8842] oom_kill_process.cold+0x10/0x15 [ 2515.087106][ T8842] out_of_memory+0x231/0xa00 [ 2515.091716][ T8842] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2515.097460][ T8842] mem_cgroup_out_of_memory+0x128/0x150 [ 2515.103090][ T8842] try_charge+0xb3a/0xbc0 [ 2515.107457][ T8842] ? rcu_note_context_switch+0x700/0x760 [ 2515.113209][ T8842] mem_cgroup_try_charge+0xd2/0x260 [ 2515.118437][ T8842] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2515.124096][ T8842] wp_page_copy+0x322/0x1160 [ 2515.128721][ T8842] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2515.134533][ T8842] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2515.140298][ T8842] do_wp_page+0x192/0x11f0 [ 2515.144741][ T8842] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2515.150407][ T8842] __handle_mm_fault+0x1c07/0x2cb0 [ 2515.155613][ T8842] handle_mm_fault+0x21b/0x530 [ 2515.160447][ T8842] __do_page_fault+0x3fb/0x9e0 [ 2515.165255][ T8842] do_page_fault+0x54/0x233 [ 2515.169994][ T8842] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2515.175797][ T8842] page_fault+0x34/0x40 [ 2515.179961][ T8842] RIP: 0033:0x431016 [ 2515.183889][ T8842] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2515.203525][ T8842] RSP: 002b:00007ffd4080e4c0 EFLAGS: 00010206 [ 2515.209629][ T8842] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2515.217651][ T8842] RDX: 0000000000b49930 RSI: 0000000000b51970 RDI: 0000000000000003 07:50:26 executing program 3: 07:50:26 executing program 0: [ 2515.225709][ T8842] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000b48940 [ 2515.233698][ T8842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2515.241783][ T8842] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2515.281276][ T8842] memory: usage 392kB, limit 0kB, failcnt 4832 [ 2515.287581][ T8842] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2515.294537][ T8842] Memory cgroup stats for /syz2: [ 2515.294760][ T8842] anon 61440 [ 2515.294760][ T8842] file 241664 [ 2515.294760][ T8842] kernel_stack 0 [ 2515.294760][ T8842] slab 241664 [ 2515.294760][ T8842] sock 0 [ 2515.294760][ T8842] shmem 0 [ 2515.294760][ T8842] file_mapped 0 [ 2515.294760][ T8842] file_dirty 0 [ 2515.294760][ T8842] file_writeback 0 [ 2515.294760][ T8842] anon_thp 0 [ 2515.294760][ T8842] inactive_anon 135168 [ 2515.294760][ T8842] active_anon 61440 [ 2515.294760][ T8842] inactive_file 221184 [ 2515.294760][ T8842] active_file 77824 [ 2515.294760][ T8842] unevictable 0 [ 2515.294760][ T8842] slab_reclaimable 135168 [ 2515.294760][ T8842] slab_unreclaimable 106496 [ 2515.294760][ T8842] pgfault 110451 [ 2515.294760][ T8842] pgmajfault 0 [ 2515.294760][ T8842] workingset_refault 0 [ 2515.294760][ T8842] workingset_activate 0 [ 2515.294760][ T8842] workingset_nodereclaim 1980 [ 2515.294760][ T8842] pgrefill 79788 07:50:26 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r0 = socket(0x2, 0x803, 0xff) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r1 = dup(r0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x200004) sendfile(r1, r2, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 2515.294760][ T8842] pgscan 653696 [ 2515.294760][ T8842] pgsteal 206161 [ 2515.294760][ T8842] pgactivate 180378 07:50:26 executing program 4: [ 2515.474425][ T8842] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8842,uid=0 [ 2515.490780][ T8842] Memory cgroup out of memory: Killed process 8842 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2515.576287][ T1062] oom_reaper: reaped process 8842 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 07:50:26 executing program 0: 07:50:26 executing program 3: [ 2515.666743][ T25] audit: type=1804 audit(1572076226.451:141): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2291/bus" dev="sda1" ino=16705 res=1 [ 2515.769198][ T25] audit: type=1804 audit(1572076226.461:142): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2291/bus" dev="sda1" ino=16705 res=1 07:50:27 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x0, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:27 executing program 4: [ 2516.905936][T26081] device bridge_slave_1 left promiscuous mode [ 2516.912232][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2516.955531][T26081] device bridge_slave_0 left promiscuous mode [ 2516.961781][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2517.825167][T26081] device hsr_slave_0 left promiscuous mode [ 2517.895068][T26081] device hsr_slave_1 left promiscuous mode [ 2517.953311][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2517.964344][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2517.975482][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2518.020075][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2518.082027][T26081] bond0 (unregistering): Released all slaves [ 2518.183784][ T8877] IPVS: ftp: loaded support on port[0] = 21 [ 2518.251331][ T8877] chnl_net:caif_netlink_parms(): no params data found [ 2518.284114][ T8877] bridge0: port 1(bridge_slave_0) entered blocking state [ 2518.291222][ T8877] bridge0: port 1(bridge_slave_0) entered disabled state [ 2518.299860][ T8877] device bridge_slave_0 entered promiscuous mode [ 2518.307777][ T8877] bridge0: port 2(bridge_slave_1) entered blocking state [ 2518.317972][ T8877] bridge0: port 2(bridge_slave_1) entered disabled state [ 2518.325970][ T8877] device bridge_slave_1 entered promiscuous mode [ 2518.349914][ T8877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2518.391267][ T8877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2518.419671][ T8877] team0: Port device team_slave_0 added [ 2518.432967][ T8877] team0: Port device team_slave_1 added [ 2518.528082][ T8877] device hsr_slave_0 entered promiscuous mode [ 2518.565301][ T8877] device hsr_slave_1 entered promiscuous mode [ 2518.634916][ T8877] debugfs: Directory 'hsr0' with parent '/' already present! [ 2518.655553][ T8877] bridge0: port 2(bridge_slave_1) entered blocking state [ 2518.662621][ T8877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2518.669978][ T8877] bridge0: port 1(bridge_slave_0) entered blocking state [ 2518.677058][ T8877] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2518.727303][ T8877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2518.745993][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2518.754811][T32140] bridge0: port 1(bridge_slave_0) entered disabled state [ 2518.768124][T32140] bridge0: port 2(bridge_slave_1) entered disabled state [ 2518.785960][ T8877] 8021q: adding VLAN 0 to HW filter on device team0 [ 2518.798229][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2518.807550][ T5583] bridge0: port 1(bridge_slave_0) entered blocking state [ 2518.814583][ T5583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2518.839478][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2518.848366][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2518.855448][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2518.865823][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2518.876289][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2518.891585][ T8877] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2518.902351][ T8877] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2518.920867][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2518.931387][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2518.943822][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2518.963902][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2518.974330][ T8877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2519.433573][ T8887] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2519.449111][ T8887] CPU: 1 PID: 8887 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2519.456928][ T8887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2519.466973][ T8887] Call Trace: [ 2519.470269][ T8887] dump_stack+0xf5/0x159 [ 2519.474523][ T8887] dump_header+0xaa/0x449 [ 2519.478862][ T8887] oom_kill_process.cold+0x10/0x15 [ 2519.483979][ T8887] out_of_memory+0x231/0xa00 [ 2519.488689][ T8887] mem_cgroup_out_of_memory+0x128/0x150 [ 2519.494251][ T8887] memory_max_write+0x17b/0x250 [ 2519.499115][ T8887] cgroup_file_write+0x119/0x320 [ 2519.504056][ T8887] ? high_work_func+0x30/0x30 [ 2519.508746][ T8887] kernfs_fop_write+0x1f4/0x2e0 [ 2519.513595][ T8887] ? cgroup_css.part.0+0x90/0x90 [ 2519.518534][ T8887] __vfs_write+0x67/0xc0 [ 2519.522778][ T8887] ? kernfs_seq_show+0xe0/0xe0 [ 2519.527542][ T8887] vfs_write+0x18a/0x390 [ 2519.531789][ T8887] ksys_write+0xd5/0x1b0 [ 2519.536039][ T8887] __x64_sys_write+0x4c/0x60 [ 2519.540640][ T8887] do_syscall_64+0xcc/0x370 [ 2519.545160][ T8887] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2519.551051][ T8887] RIP: 0033:0x459f39 [ 2519.554959][ T8887] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2519.574569][ T8887] RSP: 002b:00007f4302735c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2519.582979][ T8887] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2519.590948][ T8887] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2519.598918][ T8887] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2519.606886][ T8887] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43027366d4 [ 2519.614869][ T8887] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2519.630340][ T8887] memory: usage 4784kB, limit 0kB, failcnt 5225 [ 2519.636686][ T8887] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2519.643507][ T8887] Memory cgroup stats for /syz1: [ 2519.643615][ T8887] anon 4403200 [ 2519.643615][ T8887] file 57344 [ 2519.643615][ T8887] kernel_stack 0 [ 2519.643615][ T8887] slab 319488 [ 2519.643615][ T8887] sock 0 [ 2519.643615][ T8887] shmem 0 [ 2519.643615][ T8887] file_mapped 0 [ 2519.643615][ T8887] file_dirty 0 [ 2519.643615][ T8887] file_writeback 0 [ 2519.643615][ T8887] anon_thp 4194304 [ 2519.643615][ T8887] inactive_anon 0 [ 2519.643615][ T8887] active_anon 4403200 [ 2519.643615][ T8887] inactive_file 4096 [ 2519.643615][ T8887] active_file 159744 [ 2519.643615][ T8887] unevictable 0 [ 2519.643615][ T8887] slab_reclaimable 135168 [ 2519.643615][ T8887] slab_unreclaimable 184320 [ 2519.643615][ T8887] pgfault 101343 [ 2519.643615][ T8887] pgmajfault 0 [ 2519.643615][ T8887] workingset_refault 0 [ 2519.643615][ T8887] workingset_activate 0 [ 2519.643615][ T8887] workingset_nodereclaim 1584 [ 2519.643615][ T8887] pgrefill 54634 [ 2519.643615][ T8887] pgscan 551209 [ 2519.643615][ T8887] pgsteal 190349 [ 2519.736915][ T8887] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8884,uid=0 [ 2519.755033][ T8887] Memory cgroup out of memory: Killed process 8884 (syz-executor.1) total-vm:72852kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2519.774563][ T1062] oom_reaper: reaped process 8884 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:30 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x0, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:30 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r0 = socket(0x2, 0x803, 0xff) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r1 = dup(r0) r2 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x200004) sendfile(r1, r2, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 07:50:30 executing program 3: 07:50:30 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) socket$kcm(0xa, 0x0, 0x88) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x9, 0x10f, 0x4, 0xcb8, 0x0, 0x1}, 0x3c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000600)={r0, &(0x7f00000001c0), 0x0}, 0x20) 07:50:30 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x0, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:30 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0xc000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000004740)={&(0x7f0000000580)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x9, 0x10f, 0x4, 0xcb8, 0x0, 0x1}, 0x3c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000600)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40000004) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0xc000) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @local}, 0x80, 0x0}, 0xfd00) [ 2519.854770][ T8877] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2519.886754][ T25] audit: type=1804 audit(1572076230.671:143): pid=8889 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2292/bus" dev="sda1" ino=16563 res=1 [ 2519.915018][ T8877] CPU: 0 PID: 8877 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2519.922911][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2519.932971][ T8877] Call Trace: [ 2519.936296][ T8877] dump_stack+0xf5/0x159 [ 2519.940572][ T8877] dump_header+0xaa/0x449 [ 2519.944983][ T8877] oom_kill_process.cold+0x10/0x15 [ 2519.950122][ T8877] out_of_memory+0x231/0xa00 [ 2519.954804][ T8877] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2519.960486][ T8877] mem_cgroup_out_of_memory+0x128/0x150 [ 2519.966071][ T8877] try_charge+0xb3a/0xbc0 [ 2519.970430][ T8877] ? rcu_note_context_switch+0x700/0x760 [ 2519.975937][ T25] audit: type=1804 audit(1572076230.721:144): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2292/bus" dev="sda1" ino=16563 res=1 [ 2519.976178][ T8877] mem_cgroup_try_charge+0xd2/0x260 [ 2520.005341][ T8877] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2520.011149][ T8877] __handle_mm_fault+0x179a/0x2cb0 [ 2520.016311][ T8877] handle_mm_fault+0x21b/0x530 [ 2520.021169][ T8877] __do_page_fault+0x3fb/0x9e0 [ 2520.026016][ T8877] do_page_fault+0x54/0x233 [ 2520.030540][ T8877] ? do_syscall_64+0x270/0x370 [ 2520.035343][ T8877] page_fault+0x34/0x40 [ 2520.039510][ T8877] RIP: 0033:0x457ed1 [ 2520.043438][ T8877] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 2520.063064][ T8877] RSP: 002b:00007ffc12270fe0 EFLAGS: 00010206 [ 2520.069154][ T8877] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000457eb0 [ 2520.077191][ T8877] RDX: 00007ffc12270fe0 RSI: 0000000000000003 RDI: 0000000000000001 [ 2520.085279][ T8877] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001d7b940 [ 2520.093325][ T8877] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc122721c0 07:50:30 executing program 3: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r3 = accept$alg(r2, 0x0, 0x0) sendmmsg(r3, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x4, {0xa, 0x4e23, 0x3, @mcast1}}}, 0x1d, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000180)="f6685cd0fa8a45e4af93847b2f769b459c085235b59d95e3abae492b52be20224bbaeff5679d18ca94a8601d7f5c39ce5a3e97212cc16d0dc76304bcb3208483a156649399620748bd19df0c1caa769079b7570a4acf4ec45b37601e75b44083f9a0038eda1ea70461d0ff27e9d3d3b6b5782a35416783337b86bd6ff248bcebf1003e8cf38e8190d92e53bad534c734cb11de108c12942bd6516c289611bc871e79ebc6b0c513cbb3ef58c7fadeee"}, {&(0x7f00000000c0)="2af39c64d8447d7a709d90b34de573a74dbd7aeb9d02430aa4b9340bf2f868554ba1b9ac70558b0a504869ea55b5fdf0ed4586aad37a60213747044c960ea0f8c083905692b49839bd34eb"}, {&(0x7f00000002c0)="c26c7768a16938e1d14764686c547a1913156125324479764f11c13f3fbd77dbaff8f2fc12b4a554a86c57657060c6cc6f86f18e9aac48d60ac7aa6726adb3c686dde32c120168aaf08697b87aef168d7e619ceacc60f7709d2163"}, {&(0x7f0000000340)="a0d282770dc4f13083da697ff6c4e520d33268f369b0860d33f9930a16c5882e5d88545039e31c310aada06787b720af363cdac2026186ffedc50b20c332d98d868a43a9f976cfc18caf30651c84bebb106ba3105566af4906d3abc1997e7944bdc15ebe57885c795025fef05d224ef8fc49dcd3b70bde1065001c1627307f0a6888749dd01faef3c9c292022de3baf7138d063d53772321c0"}, {&(0x7f0000000400)="18eca0106e18321d2c5d01dc369acfd6475bf9c5292f5c32b0ca3ac0980be6239c4902b2407dd319c64188376e19687b3113c68337445ae9b6f2efbc5e680a5d35a8a16e3c848d93017f1777a4add8ff881fb9fec88fb701df106a6e9abd646fd2158f909e0cf6da3297741145a604219d926162de3ddbd4adc36187132e88b2aa498305421eed57e8d14e9ed7c8a1"}, {&(0x7f00000004c0)="21c2fcb8c6ec7266a5893ed211a5243bd8a533d8923e559cc38e47aadeeb2ddfdd501dff419bb343461e86e8e791849239fe3e0a0ba79e3084574d68a4abe883514dfb733988f398efdfaccbacbc5f506a0ae4ed491b5faa9a5fa03e2f6fd1fd64473e349a53ae5c31421ea013ff2bc4f4777f3206f203033d36ed7478fb5712cb8e48d3635d11c8c2da20b4144073d80f47aa9dd6aa"}, {&(0x7f0000000580)="d7c3dc168addd055f4aba8d31fbb80eef98cfa24b9c49afe1b383434472f3d9dc337bf8a41a43af4387ddc7d4d1792d5a92b3ce696337383ec598afb2e69807aa2506b04c8d73e6a0aa9b22258ff65dbed8794b8c561dc50d93e8e35cdd1bf7707dcbc9be0181ba949d1b2a5dee5837e9674e2904c5a4e44d5888295a91884670d332f58a85e9e2aee33b13a2f2822fdbbfee5cc41d6f3787e22a0774e5fa574c9f9f067de5569b20c31a7fd7558243db750e072ba70"}], 0x0, &(0x7f0000007b00)}}], 0x342, 0x82) [ 2520.101312][ T8877] R13: 00007ffc122721b0 R14: 0000000000000000 R15: 00007ffc122721c0 [ 2520.277196][ T8877] memory: usage 376kB, limit 0kB, failcnt 5234 [ 2520.283406][ T8877] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2520.324912][ T8877] Memory cgroup stats for /syz1: [ 2520.325220][ T8877] anon 69632 [ 2520.325220][ T8877] file 57344 [ 2520.325220][ T8877] kernel_stack 0 [ 2520.325220][ T8877] slab 319488 [ 2520.325220][ T8877] sock 0 [ 2520.325220][ T8877] shmem 0 [ 2520.325220][ T8877] file_mapped 0 [ 2520.325220][ T8877] file_dirty 0 [ 2520.325220][ T8877] file_writeback 0 [ 2520.325220][ T8877] anon_thp 0 [ 2520.325220][ T8877] inactive_anon 0 [ 2520.325220][ T8877] active_anon 69632 [ 2520.325220][ T8877] inactive_file 4096 07:50:31 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) [ 2520.325220][ T8877] active_file 159744 [ 2520.325220][ T8877] unevictable 0 [ 2520.325220][ T8877] slab_reclaimable 135168 [ 2520.325220][ T8877] slab_unreclaimable 184320 [ 2520.325220][ T8877] pgfault 101343 [ 2520.325220][ T8877] pgmajfault 0 [ 2520.325220][ T8877] workingset_refault 0 [ 2520.325220][ T8877] workingset_activate 0 [ 2520.325220][ T8877] workingset_nodereclaim 1584 [ 2520.325220][ T8877] pgrefill 54634 [ 2520.325220][ T8877] pgscan 551209 [ 2520.325220][ T8877] pgsteal 190349 [ 2520.325220][ T8877] pgactivate 139458 07:50:31 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:50:31 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) [ 2520.509514][ T8877] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8877,uid=0 [ 2520.565165][ T8877] Memory cgroup out of memory: Killed process 8877 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2520.599920][ T1062] oom_reaper: reaped process 8877 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:50:31 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6}]}, 0x10) [ 2520.759534][ T25] audit: type=1804 audit(1572076231.541:145): pid=8916 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2293/bus" dev="sda1" ino=16706 res=1 [ 2520.804777][ T25] audit: type=1804 audit(1572076231.541:146): pid=8916 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2293/bus" dev="sda1" ino=16706 res=1 07:50:31 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40)=ANY=[]) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000006c0)) 07:50:32 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x0, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getpid() ptrace(0xffffffffffffffff, 0x0) ptrace$getregset(0x4205, 0x0, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) syz_open_dev$admmidi(0x0, 0x0, 0x20040) getpid() r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f00000002c0)) r4 = epoll_create1(0x0) epoll_create1(0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r5, 0x400442c8, &(0x7f0000000400)={r6}) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x10010, 0xffffffffffffffff, 0x10000000) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="af00000000000000cfe850a5fdb6fe08b94771c4ea87cf4e5cd2c1b0790abf25cd09000000000000001b0693f6a005c8b51769634eedbde0542dd8605647e11c8d398f5eafde07fcb43309557502c2423a294fca6d266dea88b6ac746c55109ff0fa"], 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd9) 07:50:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:50:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = getpid() ptrace(0x4206, 0x0) ptrace$getregset(0x4205, r3, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, 0x0, 0x100, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x80) syz_open_dev$admmidi(0x0, 0x0, 0x20040) getpid() r4 = getpid() sched_setscheduler(r4, 0x5, &(0x7f00000002c0)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r5 = epoll_create1(0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r5, &(0x7f0000000080)={0xffffffffffffffff, r5}) setpgid(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r6 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0x11, 0x0, &(0x7f0000000240)) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000400)={r6}) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x10010, 0xffffffffffffffff, 0x10000000) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x300000b, 0x44031, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd9) [ 2521.548059][ T25] audit: type=1804 audit(1572076232.331:147): pid=8932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2294/bus" dev="sda1" ino=16563 res=1 [ 2521.636068][ T25] audit: type=1804 audit(1572076232.331:148): pid=8932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2294/bus" dev="sda1" ino=16563 res=1 [ 2522.265858][T26081] device bridge_slave_1 left promiscuous mode [ 2522.272316][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2522.346777][T26081] device bridge_slave_0 left promiscuous mode [ 2522.352985][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2523.185146][T26081] device hsr_slave_0 left promiscuous mode [ 2523.235142][T26081] device hsr_slave_1 left promiscuous mode [ 2523.303515][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2523.314474][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2523.325243][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2523.360099][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2523.441624][T26081] bond0 (unregistering): Released all slaves [ 2523.543761][ T8942] IPVS: ftp: loaded support on port[0] = 21 [ 2523.619197][ T8942] chnl_net:caif_netlink_parms(): no params data found [ 2523.651950][ T8942] bridge0: port 1(bridge_slave_0) entered blocking state [ 2523.659229][ T8942] bridge0: port 1(bridge_slave_0) entered disabled state [ 2523.667274][ T8942] device bridge_slave_0 entered promiscuous mode [ 2523.674613][ T8942] bridge0: port 2(bridge_slave_1) entered blocking state [ 2523.681829][ T8942] bridge0: port 2(bridge_slave_1) entered disabled state [ 2523.689606][ T8942] device bridge_slave_1 entered promiscuous mode [ 2523.758099][ T8942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2523.769373][ T8942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2523.792805][ T8942] team0: Port device team_slave_0 added [ 2523.799832][ T8942] team0: Port device team_slave_1 added [ 2523.868069][ T8942] device hsr_slave_0 entered promiscuous mode [ 2523.909657][ T8942] device hsr_slave_1 entered promiscuous mode [ 2523.955333][ T8942] debugfs: Directory 'hsr0' with parent '/' already present! [ 2523.971885][ T8942] bridge0: port 2(bridge_slave_1) entered blocking state [ 2523.979037][ T8942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2523.986395][ T8942] bridge0: port 1(bridge_slave_0) entered blocking state [ 2523.993441][ T8942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2524.046794][ T8942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2524.065525][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2524.074327][T31174] bridge0: port 1(bridge_slave_0) entered disabled state [ 2524.088558][T31174] bridge0: port 2(bridge_slave_1) entered disabled state [ 2524.106949][ T8942] 8021q: adding VLAN 0 to HW filter on device team0 [ 2524.120734][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2524.132977][T31174] bridge0: port 1(bridge_slave_0) entered blocking state [ 2524.140086][T31174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2524.171107][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2524.180266][T31174] bridge0: port 2(bridge_slave_1) entered blocking state [ 2524.188412][T31174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2524.203729][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2524.228229][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2524.241209][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2524.250598][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2524.264404][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2524.274550][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2524.303083][ T8942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2524.861108][ T8950] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2524.878776][ T8950] CPU: 0 PID: 8950 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2524.886640][ T8950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2524.896677][ T8950] Call Trace: [ 2524.899960][ T8950] dump_stack+0xf5/0x159 [ 2524.904234][ T8950] dump_header+0xaa/0x449 [ 2524.908582][ T8950] oom_kill_process.cold+0x10/0x15 [ 2524.913687][ T8950] out_of_memory+0x231/0xa00 [ 2524.918299][ T8950] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2524.923938][ T8950] mem_cgroup_out_of_memory+0x128/0x150 [ 2524.929501][ T8950] try_charge+0xb3a/0xbc0 [ 2524.933855][ T8950] ? rcu_note_context_switch+0x700/0x760 [ 2524.939527][ T8950] mem_cgroup_try_charge+0xd2/0x260 [ 2524.944787][ T8950] __add_to_page_cache_locked+0x163/0x780 [ 2524.950521][ T8950] ? __read_once_size.constprop.0+0x20/0x20 [ 2524.956415][ T8950] add_to_page_cache_lru+0xe2/0x2d0 [ 2524.961607][ T8950] pagecache_get_page+0x2ab/0x760 [ 2524.966701][ T8950] grab_cache_page_write_begin+0x5d/0x90 [ 2524.972448][ T8950] ext4_da_write_begin+0x175/0x7e0 [ 2524.977552][ T8950] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2524.983240][ T8950] generic_perform_write+0x136/0x320 [ 2524.988552][ T8950] __generic_file_write_iter+0x251/0x380 [ 2524.994311][ T8950] ext4_file_write_iter+0x1bd/0xa00 [ 2524.999513][ T8950] new_sync_write+0x388/0x4a0 [ 2525.004192][ T8950] __vfs_write+0xb1/0xc0 [ 2525.008428][ T8950] vfs_write+0x18a/0x390 [ 2525.012719][ T8950] ksys_write+0xd5/0x1b0 [ 2525.017063][ T8950] __x64_sys_write+0x4c/0x60 [ 2525.021714][ T8950] do_syscall_64+0xcc/0x370 [ 2525.026213][ T8950] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2525.032206][ T8950] RIP: 0033:0x459f39 [ 2525.036154][ T8950] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2525.055744][ T8950] RSP: 002b:00007f8b05e1bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2525.064202][ T8950] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2525.072171][ T8950] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2525.080324][ T8950] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2525.088280][ T8950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b05e1c6d4 [ 2525.096277][ T8950] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2525.110411][ T8950] memory: usage 6844kB, limit 0kB, failcnt 4867 [ 2525.116779][ T8950] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2525.123654][ T8950] Memory cgroup stats for /syz2: [ 2525.123874][ T8950] anon 6430720 [ 2525.123874][ T8950] file 118784 [ 2525.123874][ T8950] kernel_stack 73728 [ 2525.123874][ T8950] slab 376832 [ 2525.123874][ T8950] sock 0 [ 2525.123874][ T8950] shmem 0 [ 2525.123874][ T8950] file_mapped 0 [ 2525.123874][ T8950] file_dirty 135168 [ 2525.123874][ T8950] file_writeback 0 [ 2525.123874][ T8950] anon_thp 6291456 [ 2525.123874][ T8950] inactive_anon 135168 [ 2525.123874][ T8950] active_anon 6430720 [ 2525.123874][ T8950] inactive_file 61440 [ 2525.123874][ T8950] active_file 77824 [ 2525.123874][ T8950] unevictable 0 [ 2525.123874][ T8950] slab_reclaimable 270336 [ 2525.123874][ T8950] slab_unreclaimable 106496 [ 2525.123874][ T8950] pgfault 110550 [ 2525.123874][ T8950] pgmajfault 0 [ 2525.123874][ T8950] workingset_refault 0 [ 2525.123874][ T8950] workingset_activate 0 [ 2525.123874][ T8950] workingset_nodereclaim 1980 [ 2525.123874][ T8950] pgrefill 79829 [ 2525.123874][ T8950] pgscan 659624 [ 2525.123874][ T8950] pgsteal 208131 [ 2525.218170][ T8950] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8949,uid=0 [ 2525.235830][ T8950] Memory cgroup out of memory: Killed process 8949 (syz-executor.2) total-vm:72852kB, anon-rss:6236kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2525.255897][ T1062] oom_reaper: reaped process 8949 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 07:50:36 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x0, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:36 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x0, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:36 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:50:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getpid() ptrace(0xffffffffffffffff, 0x0) ptrace$getregset(0x4205, 0x0, 0x0, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) syz_open_dev$admmidi(0x0, 0x0, 0x20040) getpid() r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f00000002c0)) r4 = epoll_create1(0x0) epoll_create1(0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r5, 0x400442c8, &(0x7f0000000400)={r6}) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x10010, 0xffffffffffffffff, 0x10000000) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="af00000000000000cfe850a5fdb6fe08b94771c4ea87cf4e5cd2c1b0790abf25cd09000000000000001b0693f6a005c8b51769634eedbde0542dd8605647e11c8d398f5eafde07fcb43309557502c2423a294fca6d266dea88b6ac746c55109ff0fa"], 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd9) 07:50:36 executing program 0: creat(&(0x7f00000013c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200029651, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 07:50:36 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x403662521ed92189}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x803, 0x200000000000007) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xb779ef21efb66f11}) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) [ 2525.371450][ T8942] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2525.398563][ T8942] CPU: 0 PID: 8942 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2525.406455][ T8942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2525.408331][ T8955] device bridge0 entered promiscuous mode [ 2525.416609][ T8942] Call Trace: [ 2525.416685][ T8942] dump_stack+0xf5/0x159 [ 2525.416734][ T8942] dump_header+0xaa/0x449 [ 2525.434299][ T8942] oom_kill_process.cold+0x10/0x15 [ 2525.439518][ T8942] out_of_memory+0x231/0xa00 [ 2525.444170][ T8942] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2525.449888][ T8942] mem_cgroup_out_of_memory+0x128/0x150 [ 2525.455509][ T8942] try_charge+0xb3a/0xbc0 [ 2525.459877][ T8942] ? rcu_note_context_switch+0x700/0x760 [ 2525.465554][ T8942] mem_cgroup_try_charge+0xd2/0x260 [ 2525.470853][ T8942] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2525.476521][ T8942] wp_page_copy+0x322/0x1160 [ 2525.481126][ T8942] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2525.486881][ T8942] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2525.492556][ T8942] do_wp_page+0x192/0x11f0 [ 2525.497597][ T8942] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2525.503329][ T8942] __handle_mm_fault+0x1c07/0x2cb0 [ 2525.508480][ T8942] handle_mm_fault+0x21b/0x530 [ 2525.513356][ T8942] __do_page_fault+0x3fb/0x9e0 [ 2525.518311][ T8942] do_page_fault+0x54/0x233 [ 2525.522833][ T8942] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2525.528661][ T8942] page_fault+0x34/0x40 [ 2525.532927][ T8942] RIP: 0033:0x431016 [ 2525.536876][ T8942] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2525.556494][ T8942] RSP: 002b:00007ffea566f170 EFLAGS: 00010206 [ 2525.562584][ T8942] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 07:50:36 executing program 3: creat(&(0x7f00000013c0)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x1, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200029651, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2525.570566][ T8942] RDX: 0000000000f83930 RSI: 0000000000f8b970 RDI: 0000000000000003 [ 2525.578553][ T8942] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000f82940 [ 2525.586531][ T8942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2525.594522][ T8942] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2525.609205][ T8942] memory: usage 384kB, limit 0kB, failcnt 4876 [ 2525.630178][ T8942] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2525.668435][ T8942] Memory cgroup stats for /syz2: [ 2525.668804][ T8942] anon 69632 [ 2525.668804][ T8942] file 118784 [ 2525.668804][ T8942] kernel_stack 36864 [ 2525.668804][ T8942] slab 376832 [ 2525.668804][ T8942] sock 0 [ 2525.668804][ T8942] shmem 0 [ 2525.668804][ T8942] file_mapped 0 [ 2525.668804][ T8942] file_dirty 135168 [ 2525.668804][ T8942] file_writeback 0 [ 2525.668804][ T8942] anon_thp 0 [ 2525.668804][ T8942] inactive_anon 135168 [ 2525.668804][ T8942] active_anon 69632 [ 2525.668804][ T8942] inactive_file 61440 [ 2525.668804][ T8942] active_file 77824 [ 2525.668804][ T8942] unevictable 0 [ 2525.668804][ T8942] slab_reclaimable 270336 [ 2525.668804][ T8942] slab_unreclaimable 106496 [ 2525.668804][ T8942] pgfault 110550 [ 2525.668804][ T8942] pgmajfault 0 [ 2525.668804][ T8942] workingset_refault 0 [ 2525.668804][ T8942] workingset_activate 0 [ 2525.668804][ T8942] workingset_nodereclaim 2013 [ 2525.668804][ T8942] pgrefill 79829 [ 2525.668804][ T8942] pgscan 659624 [ 2525.668804][ T8942] pgsteal 208131 [ 2525.762679][ T25] audit: type=1804 audit(1572076236.481:149): pid=8961 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2295/bus" dev="sda1" ino=16673 res=1 [ 2525.859863][ T25] audit: type=1804 audit(1572076236.481:150): pid=8961 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2295/bus" dev="sda1" ino=16673 res=1 07:50:36 executing program 3: creat(&(0x7f00000013c0)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x30, 0x1, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200029651, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 07:50:36 executing program 0: 07:50:36 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2526.320978][ T8942] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8942,uid=0 07:50:37 executing program 0: [ 2526.380418][ T8942] Memory cgroup out of memory: Killed process 8942 (syz-executor.2) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2526.454377][ T1062] oom_reaper: reaped process 8942 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2526.472464][ T25] audit: type=1804 audit(1572076237.251:151): pid=8975 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2296/bus" dev="sda1" ino=16916 res=1 [ 2526.579946][ T25] audit: type=1804 audit(1572076237.291:152): pid=8975 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2296/bus" dev="sda1" ino=16916 res=1 07:50:37 executing program 0: [ 2527.395669][T26081] device bridge_slave_1 left promiscuous mode [ 2527.401946][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2527.455866][T26081] device bridge_slave_0 left promiscuous mode [ 2527.462130][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2528.295412][T26081] device hsr_slave_0 left promiscuous mode [ 2528.335076][T26081] device hsr_slave_1 left promiscuous mode [ 2528.383570][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2528.394414][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2528.405166][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2528.449833][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2528.531359][T26081] bond0 (unregistering): Released all slaves [ 2528.662394][ T8984] IPVS: ftp: loaded support on port[0] = 21 [ 2528.732530][ T8984] chnl_net:caif_netlink_parms(): no params data found [ 2528.763401][ T8984] bridge0: port 1(bridge_slave_0) entered blocking state [ 2528.770642][ T8984] bridge0: port 1(bridge_slave_0) entered disabled state [ 2528.778603][ T8984] device bridge_slave_0 entered promiscuous mode [ 2528.825300][ T8984] bridge0: port 2(bridge_slave_1) entered blocking state [ 2528.832428][ T8984] bridge0: port 2(bridge_slave_1) entered disabled state [ 2528.840614][ T8984] device bridge_slave_1 entered promiscuous mode [ 2528.863388][ T8984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2528.875508][ T8984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2528.899018][ T8984] team0: Port device team_slave_0 added [ 2528.906562][ T8984] team0: Port device team_slave_1 added [ 2528.994802][ T8984] device hsr_slave_0 entered promiscuous mode [ 2529.049772][ T8984] device hsr_slave_1 entered promiscuous mode [ 2529.104916][ T8984] debugfs: Directory 'hsr0' with parent '/' already present! [ 2529.126058][ T8984] bridge0: port 2(bridge_slave_1) entered blocking state [ 2529.133130][ T8984] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2529.140490][ T8984] bridge0: port 1(bridge_slave_0) entered blocking state [ 2529.147562][ T8984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2529.196972][ T8984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2529.216446][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2529.230793][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 2529.239403][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 2529.260360][ T8984] 8021q: adding VLAN 0 to HW filter on device team0 [ 2529.277758][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2529.291738][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 2529.298898][ T6155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2529.330218][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2529.339328][T31174] bridge0: port 2(bridge_slave_1) entered blocking state [ 2529.346423][T31174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2529.356843][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2529.367382][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2529.382657][ T8984] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2529.393974][ T8984] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2529.408232][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2529.417278][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2529.426607][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2529.437652][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2529.454234][ T8984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2529.840024][ T8992] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2529.853799][ T8992] CPU: 1 PID: 8992 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2529.861616][ T8992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2529.871668][ T8992] Call Trace: [ 2529.874996][ T8992] dump_stack+0xf5/0x159 [ 2529.879250][ T8992] dump_header+0xaa/0x449 [ 2529.883644][ T8992] oom_kill_process.cold+0x10/0x15 [ 2529.888769][ T8992] out_of_memory+0x231/0xa00 [ 2529.893355][ T8992] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2529.898984][ T8992] mem_cgroup_out_of_memory+0x128/0x150 [ 2529.904634][ T8992] try_charge+0xb3a/0xbc0 [ 2529.908990][ T8992] ? rcu_note_context_switch+0x700/0x760 [ 2529.914635][ T8992] mem_cgroup_try_charge+0xd2/0x260 [ 2529.919949][ T8992] __add_to_page_cache_locked+0x163/0x780 [ 2529.925768][ T8992] ? __read_once_size.constprop.0+0x20/0x20 [ 2529.931672][ T8992] add_to_page_cache_lru+0xe2/0x2d0 [ 2529.937057][ T8992] pagecache_get_page+0x2ab/0x760 [ 2529.942101][ T8992] grab_cache_page_write_begin+0x5d/0x90 [ 2529.947727][ T8992] ext4_da_write_begin+0x175/0x7e0 [ 2529.952916][ T8992] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2529.958589][ T8992] generic_perform_write+0x136/0x320 [ 2529.963887][ T8992] __generic_file_write_iter+0x251/0x380 [ 2529.969570][ T8992] ext4_file_write_iter+0x1bd/0xa00 [ 2529.974786][ T8992] new_sync_write+0x388/0x4a0 [ 2529.979497][ T8992] __vfs_write+0xb1/0xc0 [ 2529.983816][ T8992] vfs_write+0x18a/0x390 [ 2529.988061][ T8992] ksys_write+0xd5/0x1b0 [ 2529.992359][ T8992] __x64_sys_write+0x4c/0x60 [ 2529.996943][ T8992] do_syscall_64+0xcc/0x370 [ 2530.001445][ T8992] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2530.007400][ T8992] RIP: 0033:0x459f39 [ 2530.011309][ T8992] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2530.030950][ T8992] RSP: 002b:00007f80676a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2530.039365][ T8992] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2530.047389][ T8992] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2530.055349][ T8992] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2530.063318][ T8992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f80676a86d4 [ 2530.071281][ T8992] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2530.083027][ T8992] memory: usage 4744kB, limit 0kB, failcnt 5260 [ 2530.089508][ T8992] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2530.096999][ T8992] Memory cgroup stats for /syz1: [ 2530.097265][ T8992] anon 4321280 [ 2530.097265][ T8992] file 131072 [ 2530.097265][ T8992] kernel_stack 36864 [ 2530.097265][ T8992] slab 319488 [ 2530.097265][ T8992] sock 0 [ 2530.097265][ T8992] shmem 0 [ 2530.097265][ T8992] file_mapped 0 [ 2530.097265][ T8992] file_dirty 0 [ 2530.097265][ T8992] file_writeback 0 [ 2530.097265][ T8992] anon_thp 4194304 [ 2530.097265][ T8992] inactive_anon 0 [ 2530.097265][ T8992] active_anon 4321280 [ 2530.097265][ T8992] inactive_file 131072 [ 2530.097265][ T8992] active_file 159744 [ 2530.097265][ T8992] unevictable 0 [ 2530.097265][ T8992] slab_reclaimable 135168 [ 2530.097265][ T8992] slab_unreclaimable 184320 [ 2530.097265][ T8992] pgfault 101442 [ 2530.097265][ T8992] pgmajfault 0 [ 2530.097265][ T8992] workingset_refault 0 [ 2530.097265][ T8992] workingset_activate 0 [ 2530.097265][ T8992] workingset_nodereclaim 1584 [ 2530.097265][ T8992] pgrefill 54634 [ 2530.097265][ T8992] pgscan 555413 [ 2530.097265][ T8992] pgsteal 191475 [ 2530.190712][ T8992] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8990,uid=0 [ 2530.206223][ T8992] Memory cgroup out of memory: Killed process 8990 (syz-executor.1) total-vm:72720kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2530.226632][ T1062] oom_reaper: reaped process 8990 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:41 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x0, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:41 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:50:41 executing program 3: 07:50:41 executing program 4: 07:50:41 executing program 0: 07:50:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x0, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2530.354252][ T8984] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2530.384244][ T8984] CPU: 1 PID: 8984 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2530.392104][ T8984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2530.402172][ T8984] Call Trace: [ 2530.405501][ T8984] dump_stack+0xf5/0x159 [ 2530.409884][ T8984] dump_header+0xaa/0x449 [ 2530.414278][ T8984] oom_kill_process.cold+0x10/0x15 [ 2530.419425][ T8984] out_of_memory+0x231/0xa00 [ 2530.424042][ T8984] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2530.429718][ T8984] mem_cgroup_out_of_memory+0x128/0x150 [ 2530.435302][ T8984] try_charge+0xb3a/0xbc0 [ 2530.439683][ T8984] ? rcu_note_context_switch+0x700/0x760 [ 2530.445364][ T8984] mem_cgroup_try_charge+0xd2/0x260 [ 2530.450650][ T8984] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2530.456353][ T8984] wp_page_copy+0x322/0x1160 [ 2530.460969][ T8984] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2530.466628][ T8984] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2530.472295][ T8984] do_wp_page+0x192/0x11f0 [ 2530.476746][ T8984] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2530.482457][ T8984] __handle_mm_fault+0x1c07/0x2cb0 [ 2530.487623][ T8984] handle_mm_fault+0x21b/0x530 [ 2530.492417][ T8984] __do_page_fault+0x3fb/0x9e0 [ 2530.497259][ T8984] do_page_fault+0x54/0x233 07:50:41 executing program 3: [ 2530.501838][ T8984] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2530.507623][ T8984] page_fault+0x34/0x40 [ 2530.511786][ T8984] RIP: 0033:0x431016 [ 2530.515703][ T8984] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2530.535322][ T8984] RSP: 002b:00007ffeffd650f0 EFLAGS: 00010206 [ 2530.541504][ T8984] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2530.549509][ T8984] RDX: 0000000001114930 RSI: 000000000111c970 RDI: 0000000000000003 [ 2530.557508][ T8984] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001113940 [ 2530.565547][ T8984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2530.573583][ T8984] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:50:41 executing program 0: [ 2530.582623][ T25] audit: type=1804 audit(1572076241.161:153): pid=9000 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2297/bus" dev="sda1" ino=16721 res=1 07:50:41 executing program 4: [ 2530.649103][ T25] audit: type=1804 audit(1572076241.161:154): pid=9000 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2297/bus" dev="sda1" ino=16721 res=1 07:50:41 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2530.774947][ T8984] memory: usage 364kB, limit 0kB, failcnt 5271 [ 2530.781168][ T8984] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2530.818199][ T8984] Memory cgroup stats for /syz1: [ 2530.818471][ T8984] anon 49152 [ 2530.818471][ T8984] file 131072 [ 2530.818471][ T8984] kernel_stack 36864 [ 2530.818471][ T8984] slab 319488 [ 2530.818471][ T8984] sock 0 [ 2530.818471][ T8984] shmem 0 [ 2530.818471][ T8984] file_mapped 0 [ 2530.818471][ T8984] file_dirty 0 [ 2530.818471][ T8984] file_writeback 0 [ 2530.818471][ T8984] anon_thp 0 [ 2530.818471][ T8984] inactive_anon 0 [ 2530.818471][ T8984] active_anon 49152 [ 2530.818471][ T8984] inactive_file 131072 07:50:41 executing program 4: 07:50:41 executing program 3: [ 2530.818471][ T8984] active_file 159744 [ 2530.818471][ T8984] unevictable 0 [ 2530.818471][ T8984] slab_reclaimable 135168 [ 2530.818471][ T8984] slab_unreclaimable 184320 [ 2530.818471][ T8984] pgfault 101442 [ 2530.818471][ T8984] pgmajfault 0 [ 2530.818471][ T8984] workingset_refault 0 [ 2530.818471][ T8984] workingset_activate 0 [ 2530.818471][ T8984] workingset_nodereclaim 1617 [ 2530.818471][ T8984] pgrefill 54634 [ 2530.818471][ T8984] pgscan 555413 [ 2530.818471][ T8984] pgsteal 191475 [ 2530.818471][ T8984] pgactivate 140217 [ 2530.987304][ T25] audit: type=1804 audit(1572076241.771:155): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2298/bus" dev="sda1" ino=16526 res=1 [ 2531.122026][ T25] audit: type=1804 audit(1572076241.831:156): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2298/bus" dev="sda1" ino=16526 res=1 [ 2531.404262][ T8984] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8984,uid=0 [ 2531.461602][ T8984] Memory cgroup out of memory: Killed process 8984 (syz-executor.1) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2531.518718][ T1062] oom_reaper: reaped process 8984 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:50:42 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x0, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:42 executing program 0: 07:50:42 executing program 4: 07:50:42 executing program 3: 07:50:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2531.912242][ T25] audit: type=1804 audit(1572076242.691:157): pid=9022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2299/bus" dev="sda1" ino=16689 res=1 [ 2532.019397][ T25] audit: type=1804 audit(1572076242.691:158): pid=9022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2299/bus" dev="sda1" ino=16689 res=1 [ 2532.385701][T26081] device bridge_slave_1 left promiscuous mode [ 2532.391956][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2532.466067][T26081] device bridge_slave_0 left promiscuous mode [ 2532.472440][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.315245][T26081] device hsr_slave_0 left promiscuous mode [ 2533.365046][T26081] device hsr_slave_1 left promiscuous mode [ 2533.431941][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2533.444158][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2533.454704][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2533.509094][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2533.570971][T26081] bond0 (unregistering): Released all slaves [ 2533.682245][ T9028] IPVS: ftp: loaded support on port[0] = 21 [ 2533.758146][ T9028] chnl_net:caif_netlink_parms(): no params data found [ 2533.791607][ T9028] bridge0: port 1(bridge_slave_0) entered blocking state [ 2533.798826][ T9028] bridge0: port 1(bridge_slave_0) entered disabled state [ 2533.807182][ T9028] device bridge_slave_0 entered promiscuous mode [ 2533.814732][ T9028] bridge0: port 2(bridge_slave_1) entered blocking state [ 2533.822097][ T9028] bridge0: port 2(bridge_slave_1) entered disabled state [ 2533.830076][ T9028] device bridge_slave_1 entered promiscuous mode [ 2533.917589][ T9028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2533.933351][ T9028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2533.960681][ T9028] team0: Port device team_slave_0 added [ 2533.972479][ T9028] team0: Port device team_slave_1 added [ 2534.038005][ T9028] device hsr_slave_0 entered promiscuous mode [ 2534.089924][ T9028] device hsr_slave_1 entered promiscuous mode [ 2534.149057][ T9028] debugfs: Directory 'hsr0' with parent '/' already present! [ 2534.170540][ T9028] bridge0: port 2(bridge_slave_1) entered blocking state [ 2534.177656][ T9028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2534.185020][ T9028] bridge0: port 1(bridge_slave_0) entered blocking state [ 2534.192106][ T9028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2534.246861][ T9028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2534.268680][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2534.282060][T32140] bridge0: port 1(bridge_slave_0) entered disabled state [ 2534.290737][T32140] bridge0: port 2(bridge_slave_1) entered disabled state [ 2534.311056][ T9028] 8021q: adding VLAN 0 to HW filter on device team0 [ 2534.323377][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2534.332261][T32140] bridge0: port 1(bridge_slave_0) entered blocking state [ 2534.339414][T32140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2534.358994][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2534.367813][ T5583] bridge0: port 2(bridge_slave_1) entered blocking state [ 2534.374887][ T5583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2534.396536][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2534.406642][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2534.416233][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2534.427819][ T9028] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2534.440206][ T9028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2534.449073][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2534.458257][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2534.476733][ T9028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2534.907382][ T9038] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2534.917889][ T9038] CPU: 0 PID: 9038 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2534.925692][ T9038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2534.935753][ T9038] Call Trace: [ 2534.939036][ T9038] dump_stack+0xf5/0x159 [ 2534.943273][ T9038] dump_header+0xaa/0x449 [ 2534.947617][ T9038] oom_kill_process.cold+0x10/0x15 [ 2534.952739][ T9038] out_of_memory+0x231/0xa00 [ 2534.957327][ T9038] mem_cgroup_out_of_memory+0x128/0x150 [ 2534.962865][ T9038] memory_max_write+0x17b/0x250 [ 2534.967727][ T9038] cgroup_file_write+0x119/0x320 [ 2534.972670][ T9038] ? high_work_func+0x30/0x30 [ 2534.977342][ T9038] kernfs_fop_write+0x1f4/0x2e0 [ 2534.982188][ T9038] ? cgroup_css.part.0+0x90/0x90 [ 2534.987143][ T9038] __vfs_write+0x67/0xc0 [ 2534.991436][ T9038] ? kernfs_seq_show+0xe0/0xe0 [ 2534.996193][ T9038] vfs_write+0x18a/0x390 [ 2535.000440][ T9038] ksys_write+0xd5/0x1b0 [ 2535.004694][ T9038] __x64_sys_write+0x4c/0x60 [ 2535.009301][ T9038] do_syscall_64+0xcc/0x370 [ 2535.013811][ T9038] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2535.019717][ T9038] RIP: 0033:0x459f39 [ 2535.023645][ T9038] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2535.043237][ T9038] RSP: 002b:00007f0017c3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2535.051641][ T9038] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2535.059598][ T9038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2535.067567][ T9038] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2535.075537][ T9038] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0017c406d4 [ 2535.083493][ T9038] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2535.093783][ T9038] memory: usage 6860kB, limit 0kB, failcnt 4889 [ 2535.100135][ T9038] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2535.107008][ T9038] Memory cgroup stats for /syz2: [ 2535.107211][ T9038] anon 6365184 [ 2535.107211][ T9038] file 0 [ 2535.107211][ T9038] kernel_stack 36864 [ 2535.107211][ T9038] slab 376832 [ 2535.107211][ T9038] sock 0 [ 2535.107211][ T9038] shmem 0 [ 2535.107211][ T9038] file_mapped 0 [ 2535.107211][ T9038] file_dirty 0 [ 2535.107211][ T9038] file_writeback 0 [ 2535.107211][ T9038] anon_thp 6291456 [ 2535.107211][ T9038] inactive_anon 135168 [ 2535.107211][ T9038] active_anon 6365184 [ 2535.107211][ T9038] inactive_file 77824 [ 2535.107211][ T9038] active_file 65536 [ 2535.107211][ T9038] unevictable 0 [ 2535.107211][ T9038] slab_reclaimable 270336 [ 2535.107211][ T9038] slab_unreclaimable 106496 [ 2535.107211][ T9038] pgfault 110616 [ 2535.107211][ T9038] pgmajfault 0 [ 2535.107211][ T9038] workingset_refault 0 [ 2535.107211][ T9038] workingset_activate 0 [ 2535.107211][ T9038] workingset_nodereclaim 2013 [ 2535.107211][ T9038] pgrefill 82205 [ 2535.107211][ T9038] pgscan 666307 [ 2535.107211][ T9038] pgsteal 210366 [ 2535.200886][ T9038] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9034,uid=0 [ 2535.216329][ T9038] Memory cgroup out of memory: Killed process 9034 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 2535.237154][ T1062] oom_reaper: reaped process 9034 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:46 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x0, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:46 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x0, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:46 executing program 0: 07:50:46 executing program 4: 07:50:46 executing program 3: 07:50:46 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2535.376201][ T9028] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2535.400630][ T9028] CPU: 0 PID: 9028 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2535.408478][ T9028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2535.418548][ T9028] Call Trace: [ 2535.421884][ T9028] dump_stack+0xf5/0x159 [ 2535.426183][ T9028] dump_header+0xaa/0x449 [ 2535.430544][ T9028] oom_kill_process.cold+0x10/0x15 [ 2535.435722][ T9028] out_of_memory+0x231/0xa00 [ 2535.440323][ T9028] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2535.446017][ T9028] mem_cgroup_out_of_memory+0x128/0x150 [ 2535.451625][ T9028] try_charge+0xb3a/0xbc0 [ 2535.455980][ T9028] ? rcu_note_context_switch+0x700/0x760 [ 2535.461646][ T9028] mem_cgroup_try_charge+0xd2/0x260 [ 2535.466951][ T9028] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2535.472620][ T9028] wp_page_copy+0x322/0x1160 [ 2535.477241][ T9028] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2535.482930][ T9028] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2535.488610][ T9028] do_wp_page+0x192/0x11f0 [ 2535.493152][ T9028] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2535.498817][ T9028] __handle_mm_fault+0x1c07/0x2cb0 [ 2535.503973][ T9028] handle_mm_fault+0x21b/0x530 [ 2535.508813][ T9028] __do_page_fault+0x3fb/0x9e0 [ 2535.513614][ T9028] do_page_fault+0x54/0x233 [ 2535.518218][ T9028] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2535.523957][ T9028] page_fault+0x34/0x40 [ 2535.528121][ T9028] RIP: 0033:0x431016 [ 2535.532048][ T9028] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2535.551749][ T9028] RSP: 002b:00007ffde13b9b70 EFLAGS: 00010206 [ 2535.557829][ T9028] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2535.565812][ T9028] RDX: 0000000001d2a930 RSI: 0000000001d32970 RDI: 0000000000000003 [ 2535.573833][ T9028] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001d29940 [ 2535.581864][ T9028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2535.589927][ T9028] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2535.615855][ T9028] memory: usage 400kB, limit 0kB, failcnt 4908 07:50:46 executing program 4: [ 2535.622140][ T9028] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2535.643863][ T9028] Memory cgroup stats for /syz2: [ 2535.644131][ T9028] anon 0 [ 2535.644131][ T9028] file 0 [ 2535.644131][ T9028] kernel_stack 36864 [ 2535.644131][ T9028] slab 376832 [ 2535.644131][ T9028] sock 0 [ 2535.644131][ T9028] shmem 0 [ 2535.644131][ T9028] file_mapped 0 [ 2535.644131][ T9028] file_dirty 0 [ 2535.644131][ T9028] file_writeback 0 07:50:46 executing program 0: 07:50:46 executing program 3: [ 2535.644131][ T9028] anon_thp 0 [ 2535.644131][ T9028] inactive_anon 135168 [ 2535.644131][ T9028] active_anon 0 [ 2535.644131][ T9028] inactive_file 77824 [ 2535.644131][ T9028] active_file 65536 [ 2535.644131][ T9028] unevictable 0 [ 2535.644131][ T9028] slab_reclaimable 270336 [ 2535.644131][ T9028] slab_unreclaimable 106496 [ 2535.644131][ T9028] pgfault 110649 [ 2535.644131][ T9028] pgmajfault 0 [ 2535.644131][ T9028] workingset_refault 0 [ 2535.644131][ T9028] workingset_activate 0 [ 2535.644131][ T9028] workingset_nodereclaim 2013 [ 2535.644131][ T9028] pgrefill 82205 [ 2535.644131][ T9028] pgscan 666307 [ 2535.644131][ T9028] pgsteal 210366 [ 2535.644131][ T9028] pgactivate 183975 [ 2535.793517][ T25] audit: type=1804 audit(1572076246.571:159): pid=9044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2300/bus" dev="sda1" ino=16610 res=1 07:50:46 executing program 0: [ 2535.867153][ T25] audit: type=1804 audit(1572076246.571:160): pid=9044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2300/bus" dev="sda1" ino=16610 res=1 07:50:46 executing program 4: 07:50:46 executing program 3: [ 2536.052943][ T9028] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9028,uid=0 [ 2536.119256][ T9028] Memory cgroup out of memory: Killed process 9028 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2536.175286][ T1062] oom_reaper: reaped process 9028 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:50:47 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2537.285597][T26081] device bridge_slave_1 left promiscuous mode [ 2537.291867][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2537.335833][T26081] device bridge_slave_0 left promiscuous mode [ 2537.342096][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.185354][T26081] device hsr_slave_0 left promiscuous mode [ 2538.255019][T26081] device hsr_slave_1 left promiscuous mode [ 2538.332206][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2538.344204][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2538.356268][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2538.420229][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2538.481449][T26081] bond0 (unregistering): Released all slaves [ 2538.613127][ T9059] IPVS: ftp: loaded support on port[0] = 21 [ 2538.679561][ T9059] chnl_net:caif_netlink_parms(): no params data found [ 2538.713244][ T9059] bridge0: port 1(bridge_slave_0) entered blocking state [ 2538.720410][ T9059] bridge0: port 1(bridge_slave_0) entered disabled state [ 2538.728358][ T9059] device bridge_slave_0 entered promiscuous mode [ 2538.736205][ T9059] bridge0: port 2(bridge_slave_1) entered blocking state [ 2538.743267][ T9059] bridge0: port 2(bridge_slave_1) entered disabled state [ 2538.751370][ T9059] device bridge_slave_1 entered promiscuous mode [ 2538.834242][ T9059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2538.850583][ T9059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2538.879983][ T9059] team0: Port device team_slave_0 added [ 2538.890902][ T9059] team0: Port device team_slave_1 added [ 2538.968350][ T9059] device hsr_slave_0 entered promiscuous mode [ 2539.005316][ T9059] device hsr_slave_1 entered promiscuous mode [ 2539.054950][ T9059] debugfs: Directory 'hsr0' with parent '/' already present! [ 2539.076897][ T9059] bridge0: port 2(bridge_slave_1) entered blocking state [ 2539.083984][ T9059] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2539.091363][ T9059] bridge0: port 1(bridge_slave_0) entered blocking state [ 2539.098513][ T9059] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2539.152173][ T9059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2539.171440][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2539.180424][T26241] bridge0: port 1(bridge_slave_0) entered disabled state [ 2539.194382][T26241] bridge0: port 2(bridge_slave_1) entered disabled state [ 2539.215201][ T9059] 8021q: adding VLAN 0 to HW filter on device team0 [ 2539.228175][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2539.237161][T26241] bridge0: port 1(bridge_slave_0) entered blocking state [ 2539.244198][T26241] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2539.269148][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2539.278516][T32140] bridge0: port 2(bridge_slave_1) entered blocking state [ 2539.285600][T32140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2539.302377][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2539.313629][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2539.333503][ T9059] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2539.354951][ T9059] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2539.368853][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2539.378188][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2539.387742][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2539.401529][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2539.425407][ T9059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2539.826939][ T9067] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2539.845062][ T9067] CPU: 1 PID: 9067 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2539.852891][ T9067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2539.862953][ T9067] Call Trace: [ 2539.866300][ T9067] dump_stack+0xf5/0x159 [ 2539.870557][ T9067] dump_header+0xaa/0x449 [ 2539.874957][ T9067] oom_kill_process.cold+0x10/0x15 [ 2539.880090][ T9067] out_of_memory+0x231/0xa00 [ 2539.884736][ T9067] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2539.890399][ T9067] mem_cgroup_out_of_memory+0x128/0x150 [ 2539.895974][ T9067] try_charge+0xb3a/0xbc0 [ 2539.900315][ T9067] ? rcu_note_context_switch+0x700/0x760 [ 2539.905962][ T9067] mem_cgroup_try_charge+0xd2/0x260 [ 2539.911297][ T9067] __add_to_page_cache_locked+0x163/0x780 [ 2539.917032][ T9067] ? __read_once_size.constprop.0+0x20/0x20 [ 2539.922945][ T9067] add_to_page_cache_lru+0xe2/0x2d0 [ 2539.928148][ T9067] pagecache_get_page+0x2ab/0x760 [ 2539.933168][ T9067] grab_cache_page_write_begin+0x5d/0x90 [ 2539.938816][ T9067] ext4_da_write_begin+0x175/0x7e0 [ 2539.943962][ T9067] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2539.949597][ T9067] generic_perform_write+0x136/0x320 [ 2539.954937][ T9067] __generic_file_write_iter+0x251/0x380 [ 2539.960675][ T9067] ext4_file_write_iter+0x1bd/0xa00 [ 2539.965889][ T9067] new_sync_write+0x388/0x4a0 [ 2539.970651][ T9067] __vfs_write+0xb1/0xc0 [ 2539.974930][ T9067] vfs_write+0x18a/0x390 [ 2539.979201][ T9067] ksys_write+0xd5/0x1b0 [ 2539.983482][ T9067] __x64_sys_write+0x4c/0x60 [ 2539.988067][ T9067] do_syscall_64+0xcc/0x370 [ 2539.992568][ T9067] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2539.998507][ T9067] RIP: 0033:0x459f39 [ 2540.002412][ T9067] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2540.022075][ T9067] RSP: 002b:00007f4987e93c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2540.030489][ T9067] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2540.038462][ T9067] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2540.046444][ T9067] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2540.054430][ T9067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4987e946d4 [ 2540.062398][ T9067] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2540.071171][ T9067] memory: usage 4772kB, limit 0kB, failcnt 5302 [ 2540.077524][ T9067] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2540.084372][ T9067] Memory cgroup stats for /syz1: [ 2540.084535][ T9067] anon 4321280 [ 2540.084535][ T9067] file 0 [ 2540.084535][ T9067] kernel_stack 73728 [ 2540.084535][ T9067] slab 319488 [ 2540.084535][ T9067] sock 0 [ 2540.084535][ T9067] shmem 0 [ 2540.084535][ T9067] file_mapped 0 [ 2540.084535][ T9067] file_dirty 0 [ 2540.084535][ T9067] file_writeback 0 [ 2540.084535][ T9067] anon_thp 4194304 [ 2540.084535][ T9067] inactive_anon 0 [ 2540.084535][ T9067] active_anon 4321280 [ 2540.084535][ T9067] inactive_file 65536 [ 2540.084535][ T9067] active_file 0 [ 2540.084535][ T9067] unevictable 0 [ 2540.084535][ T9067] slab_reclaimable 135168 [ 2540.084535][ T9067] slab_unreclaimable 184320 [ 2540.084535][ T9067] pgfault 101508 [ 2540.084535][ T9067] pgmajfault 0 [ 2540.084535][ T9067] workingset_refault 0 [ 2540.084535][ T9067] workingset_activate 0 [ 2540.084535][ T9067] workingset_nodereclaim 1617 [ 2540.084535][ T9067] pgrefill 55000 [ 2540.084535][ T9067] pgscan 559281 [ 2540.084535][ T9067] pgsteal 192932 [ 2540.084535][ T9067] pgactivate 141438 [ 2540.180735][ T9067] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9065,uid=0 [ 2540.198025][ T9067] Memory cgroup out of memory: Killed process 9065 (syz-executor.1) total-vm:72852kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2540.217855][ T1062] oom_reaper: reaped process 9065 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:51 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x0, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:51 executing program 4: 07:50:51 executing program 0: 07:50:51 executing program 3: 07:50:51 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:50:51 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2540.301600][ T9059] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2540.311775][ T9059] CPU: 1 PID: 9059 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2540.319603][ T9059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2540.329669][ T9059] Call Trace: [ 2540.332990][ T9059] dump_stack+0xf5/0x159 [ 2540.337257][ T9059] dump_header+0xaa/0x449 [ 2540.341631][ T9059] oom_kill_process.cold+0x10/0x15 [ 2540.346807][ T9059] out_of_memory+0x231/0xa00 [ 2540.351413][ T9059] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2540.357113][ T9059] mem_cgroup_out_of_memory+0x128/0x150 [ 2540.362714][ T9059] try_charge+0xb3a/0xbc0 [ 2540.367151][ T9059] ? rcu_note_context_switch+0x700/0x760 [ 2540.372814][ T9059] mem_cgroup_try_charge+0xd2/0x260 [ 2540.378035][ T9059] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2540.383695][ T9059] __handle_mm_fault+0x179a/0x2cb0 [ 2540.388878][ T9059] handle_mm_fault+0x21b/0x530 [ 2540.393684][ T9059] __do_page_fault+0x3fb/0x9e0 [ 2540.398553][ T9059] do_page_fault+0x54/0x233 [ 2540.403110][ T9059] ? do_syscall_64+0x270/0x370 [ 2540.407892][ T9059] page_fault+0x34/0x40 [ 2540.412107][ T9059] RIP: 0033:0x457ed1 [ 2540.416107][ T9059] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 2540.435843][ T9059] RSP: 002b:00007fffeb333f90 EFLAGS: 00010206 [ 2540.442008][ T9059] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000457eb0 07:50:51 executing program 3: [ 2540.449991][ T9059] RDX: 00007fffeb333f90 RSI: 0000000000000003 RDI: 0000000000000001 [ 2540.457976][ T9059] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000285b940 [ 2540.465962][ T9059] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fffeb335170 [ 2540.473945][ T9059] R13: 00007fffeb335160 R14: 0000000000000000 R15: 00007fffeb335170 [ 2540.500465][ T9059] memory: usage 368kB, limit 0kB, failcnt 5313 [ 2540.530509][ T9059] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2540.563538][ T9059] Memory cgroup stats for /syz1: [ 2540.564780][ T9059] anon 57344 [ 2540.564780][ T9059] file 0 [ 2540.564780][ T9059] kernel_stack 36864 [ 2540.564780][ T9059] slab 319488 [ 2540.564780][ T9059] sock 0 [ 2540.564780][ T9059] shmem 0 [ 2540.564780][ T9059] file_mapped 0 [ 2540.564780][ T9059] file_dirty 0 [ 2540.564780][ T9059] file_writeback 0 [ 2540.564780][ T9059] anon_thp 0 [ 2540.564780][ T9059] inactive_anon 0 [ 2540.564780][ T9059] active_anon 57344 [ 2540.564780][ T9059] inactive_file 65536 [ 2540.564780][ T9059] active_file 0 [ 2540.564780][ T9059] unevictable 0 [ 2540.564780][ T9059] slab_reclaimable 135168 [ 2540.564780][ T9059] slab_unreclaimable 184320 [ 2540.564780][ T9059] pgfault 101541 [ 2540.564780][ T9059] pgmajfault 0 [ 2540.564780][ T9059] workingset_refault 0 [ 2540.564780][ T9059] workingset_activate 0 [ 2540.564780][ T9059] workingset_nodereclaim 1617 [ 2540.564780][ T9059] pgrefill 55000 [ 2540.564780][ T9059] pgscan 559281 [ 2540.564780][ T9059] pgsteal 192932 [ 2540.564780][ T9059] pgactivate 141438 [ 2540.576322][ T25] audit: type=1804 audit(1572076251.361:161): pid=9074 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2301/bus" dev="sda1" ino=16628 res=1 07:50:51 executing program 4: 07:50:51 executing program 0: 07:50:51 executing program 3: 07:50:51 executing program 0: 07:50:51 executing program 3: [ 2541.119145][ T25] audit: type=1804 audit(1572076251.471:162): pid=9077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2301/bus" dev="sda1" ino=16628 res=1 [ 2541.124695][ T9059] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9059,uid=0 [ 2541.332487][ T9059] Memory cgroup out of memory: Killed process 9059 (syz-executor.1) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2541.410468][ T1062] oom_reaper: reaped process 9059 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:50:52 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:52 executing program 4: 07:50:52 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:50:52 executing program 0: 07:50:52 executing program 3: [ 2541.910033][ T25] audit: type=1804 audit(1572076252.691:163): pid=9093 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2302/bus" dev="sda1" ino=16817 res=1 [ 2541.972286][ T25] audit: type=1804 audit(1572076252.691:164): pid=9093 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2302/bus" dev="sda1" ino=16817 res=1 [ 2542.345918][T26081] device bridge_slave_1 left promiscuous mode [ 2542.352186][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2542.406117][T26081] device bridge_slave_0 left promiscuous mode [ 2542.412452][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2543.265190][T26081] device hsr_slave_0 left promiscuous mode [ 2543.305141][T26081] device hsr_slave_1 left promiscuous mode [ 2543.372618][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2543.383742][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2543.394630][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2543.459100][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2543.551557][T26081] bond0 (unregistering): Released all slaves [ 2543.642793][ T9100] IPVS: ftp: loaded support on port[0] = 21 [ 2543.706541][ T9100] chnl_net:caif_netlink_parms(): no params data found [ 2543.776418][ T9100] bridge0: port 1(bridge_slave_0) entered blocking state [ 2543.783584][ T9100] bridge0: port 1(bridge_slave_0) entered disabled state [ 2543.797104][ T9100] device bridge_slave_0 entered promiscuous mode [ 2543.809224][ T9100] bridge0: port 2(bridge_slave_1) entered blocking state [ 2543.817042][ T9100] bridge0: port 2(bridge_slave_1) entered disabled state [ 2543.829691][ T9100] device bridge_slave_1 entered promiscuous mode [ 2543.858075][ T9100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2543.872886][ T9100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2543.902850][ T9100] team0: Port device team_slave_0 added [ 2543.913893][ T9100] team0: Port device team_slave_1 added [ 2543.988247][ T9100] device hsr_slave_0 entered promiscuous mode [ 2544.025442][ T9100] device hsr_slave_1 entered promiscuous mode [ 2544.064949][ T9100] debugfs: Directory 'hsr0' with parent '/' already present! [ 2544.086130][ T9100] bridge0: port 2(bridge_slave_1) entered blocking state [ 2544.093229][ T9100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2544.100655][ T9100] bridge0: port 1(bridge_slave_0) entered blocking state [ 2544.107763][ T9100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2544.162183][ T9100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2544.181558][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2544.190779][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2544.204401][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2544.225783][ T9100] 8021q: adding VLAN 0 to HW filter on device team0 [ 2544.238504][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2544.247491][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 2544.254538][ T6155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2544.284130][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2544.293075][T31174] bridge0: port 2(bridge_slave_1) entered blocking state [ 2544.300158][T31174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2544.316820][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2544.331131][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2544.346876][ T9100] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2544.357425][ T9100] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2544.370733][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2544.378959][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2544.387975][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2544.396370][T31174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2544.413389][ T9100] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2544.784536][ T9110] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2544.795080][ T9110] CPU: 1 PID: 9110 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2544.803072][ T9110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2544.813126][ T9110] Call Trace: [ 2544.816428][ T9110] dump_stack+0xf5/0x159 [ 2544.820714][ T9110] dump_header+0xaa/0x449 [ 2544.825065][ T9110] oom_kill_process.cold+0x10/0x15 [ 2544.830174][ T9110] out_of_memory+0x231/0xa00 [ 2544.834773][ T9110] mem_cgroup_out_of_memory+0x128/0x150 [ 2544.840320][ T9110] memory_max_write+0x17b/0x250 [ 2544.845172][ T9110] cgroup_file_write+0x119/0x320 [ 2544.850108][ T9110] ? high_work_func+0x30/0x30 [ 2544.854789][ T9110] kernfs_fop_write+0x1f4/0x2e0 [ 2544.859634][ T9110] ? cgroup_css.part.0+0x90/0x90 [ 2544.864580][ T9110] __vfs_write+0x67/0xc0 [ 2544.868820][ T9110] ? kernfs_seq_show+0xe0/0xe0 [ 2544.873582][ T9110] vfs_write+0x18a/0x390 [ 2544.877826][ T9110] ksys_write+0xd5/0x1b0 [ 2544.882067][ T9110] __x64_sys_write+0x4c/0x60 [ 2544.886657][ T9110] do_syscall_64+0xcc/0x370 [ 2544.891163][ T9110] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2544.897055][ T9110] RIP: 0033:0x459f39 [ 2544.900972][ T9110] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2544.920672][ T9110] RSP: 002b:00007f841b35fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2544.929085][ T9110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2544.937054][ T9110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2544.945033][ T9110] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2544.953005][ T9110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f841b3606d4 [ 2544.960981][ T9110] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2544.971401][ T9110] memory: usage 6812kB, limit 0kB, failcnt 4928 [ 2544.978723][ T9110] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2544.986353][ T9110] Memory cgroup stats for /syz2: [ 2544.986495][ T9110] anon 6430720 [ 2544.986495][ T9110] file 217088 [ 2544.986495][ T9110] kernel_stack 73728 [ 2544.986495][ T9110] slab 135168 [ 2544.986495][ T9110] sock 0 [ 2544.986495][ T9110] shmem 0 [ 2544.986495][ T9110] file_mapped 0 [ 2544.986495][ T9110] file_dirty 0 [ 2544.986495][ T9110] file_writeback 0 [ 2544.986495][ T9110] anon_thp 6291456 [ 2544.986495][ T9110] inactive_anon 135168 [ 2544.986495][ T9110] active_anon 6430720 [ 2544.986495][ T9110] inactive_file 217088 [ 2544.986495][ T9110] active_file 114688 [ 2544.986495][ T9110] unevictable 0 [ 2544.986495][ T9110] slab_reclaimable 135168 [ 2544.986495][ T9110] slab_unreclaimable 0 [ 2544.986495][ T9110] pgfault 110715 [ 2544.986495][ T9110] pgmajfault 0 [ 2544.986495][ T9110] workingset_refault 0 [ 2544.986495][ T9110] workingset_activate 0 [ 2544.986495][ T9110] workingset_nodereclaim 2013 [ 2544.986495][ T9110] pgrefill 83792 [ 2544.986495][ T9110] pgscan 673102 [ 2544.986495][ T9110] pgsteal 211807 [ 2545.083059][ T9110] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9106,uid=0 [ 2545.099069][ T9110] Memory cgroup out of memory: Killed process 9106 (syz-executor.2) total-vm:72852kB, anon-rss:6236kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2545.118574][ T1062] oom_reaper: reaped process 9106 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:50:56 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:56 executing program 3: 07:50:56 executing program 0: 07:50:56 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:56 executing program 4: 07:50:56 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2545.223230][ T9100] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2545.275848][ T9100] CPU: 1 PID: 9100 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2545.283715][ T9100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2545.293829][ T9100] Call Trace: [ 2545.297173][ T9100] dump_stack+0xf5/0x159 [ 2545.301452][ T9100] dump_header+0xaa/0x449 [ 2545.305817][ T9100] oom_kill_process.cold+0x10/0x15 [ 2545.311044][ T9100] out_of_memory+0x231/0xa00 [ 2545.315665][ T9100] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2545.321461][ T9100] mem_cgroup_out_of_memory+0x128/0x150 [ 2545.327166][ T9100] try_charge+0xb3a/0xbc0 [ 2545.331588][ T9100] ? rcu_note_context_switch+0x700/0x760 [ 2545.337334][ T9100] mem_cgroup_try_charge+0xd2/0x260 [ 2545.342649][ T9100] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2545.348384][ T9100] wp_page_copy+0x322/0x1160 [ 2545.353004][ T9100] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2545.358668][ T9100] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2545.364347][ T9100] do_wp_page+0x192/0x11f0 [ 2545.368795][ T9100] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2545.374511][ T9100] __handle_mm_fault+0x1c07/0x2cb0 [ 2545.379720][ T9100] handle_mm_fault+0x21b/0x530 [ 2545.384526][ T9100] __do_page_fault+0x3fb/0x9e0 [ 2545.389326][ T9100] do_page_fault+0x54/0x233 [ 2545.394073][ T9100] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2545.399924][ T9100] page_fault+0x34/0x40 [ 2545.404092][ T9100] RIP: 0033:0x431016 [ 2545.408030][ T9100] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2545.427650][ T9100] RSP: 002b:00007ffea9d89740 EFLAGS: 00010206 [ 2545.433926][ T9100] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2545.441945][ T9100] RDX: 0000000001dd3930 RSI: 0000000001ddb970 RDI: 0000000000000003 [ 2545.449942][ T9100] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001dd2940 [ 2545.458014][ T9100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2545.466067][ T9100] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2545.493729][ T25] audit: type=1804 audit(1572076256.271:165): pid=9115 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2303/bus" dev="sda1" ino=16558 res=1 07:50:56 executing program 3: 07:50:56 executing program 4: [ 2545.595008][ T25] audit: type=1804 audit(1572076256.311:166): pid=9115 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2303/bus" dev="sda1" ino=16558 res=1 07:50:56 executing program 0: [ 2545.644975][ T9100] memory: usage 360kB, limit 0kB, failcnt 4937 [ 2545.651199][ T9100] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2545.699525][ T9100] Memory cgroup stats for /syz2: [ 2545.699751][ T9100] anon 69632 [ 2545.699751][ T9100] file 217088 [ 2545.699751][ T9100] kernel_stack 36864 [ 2545.699751][ T9100] slab 135168 [ 2545.699751][ T9100] sock 0 [ 2545.699751][ T9100] shmem 0 [ 2545.699751][ T9100] file_mapped 0 [ 2545.699751][ T9100] file_dirty 0 [ 2545.699751][ T9100] file_writeback 0 [ 2545.699751][ T9100] anon_thp 0 [ 2545.699751][ T9100] inactive_anon 135168 [ 2545.699751][ T9100] active_anon 69632 [ 2545.699751][ T9100] inactive_file 217088 [ 2545.699751][ T9100] active_file 114688 [ 2545.699751][ T9100] unevictable 0 [ 2545.699751][ T9100] slab_reclaimable 135168 [ 2545.699751][ T9100] slab_unreclaimable 0 [ 2545.699751][ T9100] pgfault 110715 [ 2545.699751][ T9100] pgmajfault 0 [ 2545.699751][ T9100] workingset_refault 0 [ 2545.699751][ T9100] workingset_activate 0 [ 2545.699751][ T9100] workingset_nodereclaim 2046 [ 2545.699751][ T9100] pgrefill 83792 [ 2545.699751][ T9100] pgscan 673102 [ 2545.699751][ T9100] pgsteal 211807 [ 2545.699751][ T9100] pgactivate 186582 07:50:56 executing program 4: 07:50:56 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x2f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f00000001c0), &(0x7f0000000200)=0x4) 07:50:56 executing program 0: [ 2546.189351][ T9100] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9100,uid=0 [ 2546.241210][ T9100] Memory cgroup out of memory: Killed process 9100 (syz-executor.2) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 07:50:57 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:50:57 executing program 4: 07:50:57 executing program 0: [ 2547.155449][T26081] device bridge_slave_1 left promiscuous mode [ 2547.161778][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2547.225874][T26081] device bridge_slave_0 left promiscuous mode [ 2547.232215][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2548.035203][T26081] device hsr_slave_0 left promiscuous mode [ 2548.085135][T26081] device hsr_slave_1 left promiscuous mode [ 2548.153251][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2548.164234][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2548.175102][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2548.210228][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2548.291721][T26081] bond0 (unregistering): Released all slaves [ 2548.373783][ T9136] IPVS: ftp: loaded support on port[0] = 21 [ 2548.438668][ T9136] chnl_net:caif_netlink_parms(): no params data found [ 2548.468728][ T9136] bridge0: port 1(bridge_slave_0) entered blocking state [ 2548.476121][ T9136] bridge0: port 1(bridge_slave_0) entered disabled state [ 2548.483964][ T9136] device bridge_slave_0 entered promiscuous mode [ 2548.491671][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state [ 2548.498917][ T9136] bridge0: port 2(bridge_slave_1) entered disabled state [ 2548.506996][ T9136] device bridge_slave_1 entered promiscuous mode [ 2548.577363][ T9136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2548.592865][ T9136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2548.620688][ T9136] team0: Port device team_slave_0 added [ 2548.632320][ T9136] team0: Port device team_slave_1 added [ 2548.718118][ T9136] device hsr_slave_0 entered promiscuous mode [ 2548.769712][ T9136] device hsr_slave_1 entered promiscuous mode [ 2548.829420][ T9136] debugfs: Directory 'hsr0' with parent '/' already present! [ 2548.850977][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state [ 2548.858066][ T9136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2548.865484][ T9136] bridge0: port 1(bridge_slave_0) entered blocking state [ 2548.872521][ T9136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2548.929921][ T9136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2548.949063][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2548.962823][ T5583] bridge0: port 1(bridge_slave_0) entered disabled state [ 2548.971901][ T5583] bridge0: port 2(bridge_slave_1) entered disabled state [ 2548.992023][ T9136] 8021q: adding VLAN 0 to HW filter on device team0 [ 2549.009864][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2549.023334][ T5583] bridge0: port 1(bridge_slave_0) entered blocking state [ 2549.030417][ T5583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2549.057345][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2549.066466][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2549.073506][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2549.083761][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2549.111343][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2549.122571][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2549.132301][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2549.140985][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2549.151049][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2549.174465][ T9136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2549.767455][ T9144] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2549.784482][ T9144] CPU: 0 PID: 9144 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2549.792299][ T9144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2549.802423][ T9144] Call Trace: [ 2549.805830][ T9144] dump_stack+0xf5/0x159 [ 2549.810069][ T9144] dump_header+0xaa/0x449 [ 2549.814399][ T9144] oom_kill_process.cold+0x10/0x15 [ 2549.819502][ T9144] out_of_memory+0x231/0xa00 [ 2549.824091][ T9144] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2549.829804][ T9144] mem_cgroup_out_of_memory+0x128/0x150 [ 2549.835360][ T9144] try_charge+0xb3a/0xbc0 [ 2549.839702][ T9144] ? rcu_note_context_switch+0x700/0x760 [ 2549.845402][ T9144] mem_cgroup_try_charge+0xd2/0x260 [ 2549.850598][ T9144] __add_to_page_cache_locked+0x163/0x780 [ 2549.856343][ T9144] ? __read_once_size.constprop.0+0x20/0x20 [ 2549.862231][ T9144] add_to_page_cache_lru+0xe2/0x2d0 [ 2549.867424][ T9144] pagecache_get_page+0x2ab/0x760 [ 2549.872621][ T9144] grab_cache_page_write_begin+0x5d/0x90 [ 2549.878304][ T9144] ext4_da_write_begin+0x175/0x7e0 [ 2549.883464][ T9144] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2549.889143][ T9144] generic_perform_write+0x136/0x320 [ 2549.894431][ T9144] __generic_file_write_iter+0x251/0x380 [ 2549.900318][ T9144] ext4_file_write_iter+0x1bd/0xa00 [ 2549.905521][ T9144] new_sync_write+0x388/0x4a0 [ 2549.910270][ T9144] __vfs_write+0xb1/0xc0 [ 2549.914506][ T9144] vfs_write+0x18a/0x390 [ 2549.918819][ T9144] ksys_write+0xd5/0x1b0 [ 2549.923053][ T9144] __x64_sys_write+0x4c/0x60 [ 2549.927638][ T9144] do_syscall_64+0xcc/0x370 [ 2549.932185][ T9144] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2549.938060][ T9144] RIP: 0033:0x459f39 [ 2549.941962][ T9144] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2549.962644][ T9144] RSP: 002b:00007fabc4181c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2549.971055][ T9144] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2549.979187][ T9144] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2549.987156][ T9144] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2549.995134][ T9144] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabc41826d4 [ 2550.003179][ T9144] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2550.016028][ T9144] memory: usage 4792kB, limit 0kB, failcnt 5355 [ 2550.022386][ T9144] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2550.030193][ T9144] Memory cgroup stats for /syz1: [ 2550.030420][ T9144] anon 4362240 [ 2550.030420][ T9144] file 217088 [ 2550.030420][ T9144] kernel_stack 73728 [ 2550.030420][ T9144] slab 315392 [ 2550.030420][ T9144] sock 0 [ 2550.030420][ T9144] shmem 0 [ 2550.030420][ T9144] file_mapped 0 [ 2550.030420][ T9144] file_dirty 135168 [ 2550.030420][ T9144] file_writeback 0 [ 2550.030420][ T9144] anon_thp 4194304 [ 2550.030420][ T9144] inactive_anon 0 [ 2550.030420][ T9144] active_anon 4362240 [ 2550.030420][ T9144] inactive_file 106496 [ 2550.030420][ T9144] active_file 102400 [ 2550.030420][ T9144] unevictable 0 [ 2550.030420][ T9144] slab_reclaimable 270336 [ 2550.030420][ T9144] slab_unreclaimable 45056 [ 2550.030420][ T9144] pgfault 101607 [ 2550.030420][ T9144] pgmajfault 0 [ 2550.030420][ T9144] workingset_refault 0 [ 2550.030420][ T9144] workingset_activate 0 [ 2550.030420][ T9144] workingset_nodereclaim 1617 [ 2550.030420][ T9144] pgrefill 56999 [ 2550.030420][ T9144] pgscan 565562 [ 2550.030420][ T9144] pgsteal 194945 [ 2550.124866][ T9144] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9143,uid=0 [ 2550.140466][ T9144] Memory cgroup out of memory: Killed process 9143 (syz-executor.1) total-vm:72852kB, anon-rss:4256kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2550.160186][ T1062] oom_reaper: reaped process 9143 (syz-executor.1), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 07:51:01 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:01 executing program 3: 07:51:01 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = socket(0x2, 0x803, 0xff) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r3 = dup(r2) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r3, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:51:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:01 executing program 0: 07:51:01 executing program 4: [ 2550.254644][ T9136] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2550.288595][ T25] audit: type=1804 audit(1572076261.071:167): pid=9151 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2304/bus" dev="sda1" ino=16627 res=1 [ 2550.334955][ T9136] CPU: 0 PID: 9136 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2550.342801][ T9136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2550.352919][ T9136] Call Trace: [ 2550.356229][ T9136] dump_stack+0xf5/0x159 [ 2550.360616][ T9136] dump_header+0xaa/0x449 [ 2550.364986][ T9136] oom_kill_process.cold+0x10/0x15 [ 2550.370127][ T9136] out_of_memory+0x231/0xa00 [ 2550.374748][ T9136] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2550.380505][ T9136] mem_cgroup_out_of_memory+0x128/0x150 [ 2550.386094][ T9136] try_charge+0xb3a/0xbc0 [ 2550.390448][ T9136] ? rcu_note_context_switch+0x700/0x760 [ 2550.396103][ T9136] mem_cgroup_try_charge+0xd2/0x260 [ 2550.401334][ T9136] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2550.407003][ T9136] wp_page_copy+0x322/0x1160 [ 2550.411605][ T25] audit: type=1804 audit(1572076261.121:168): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2304/bus" dev="sda1" ino=16627 res=1 [ 2550.435686][ T9136] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2550.441364][ T9136] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2550.447070][ T9136] do_wp_page+0x192/0x11f0 [ 2550.451504][ T9136] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2550.457158][ T9136] __handle_mm_fault+0x1c07/0x2cb0 [ 2550.462327][ T9136] handle_mm_fault+0x21b/0x530 [ 2550.467159][ T9136] __do_page_fault+0x3fb/0x9e0 [ 2550.471948][ T9136] do_page_fault+0x54/0x233 [ 2550.476545][ T9136] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2550.482357][ T9136] page_fault+0x34/0x40 [ 2550.486622][ T9136] RIP: 0033:0x431016 [ 2550.490551][ T9136] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2550.510208][ T9136] RSP: 002b:00007ffcfb297950 EFLAGS: 00010206 [ 2550.516312][ T9136] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2550.524366][ T9136] RDX: 000000000240f930 RSI: 0000000002417970 RDI: 0000000000000003 [ 2550.532398][ T9136] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000240e940 [ 2550.540381][ T9136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2550.548361][ T9136] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:51:01 executing program 4: 07:51:01 executing program 0: 07:51:01 executing program 3: 07:51:01 executing program 4: 07:51:01 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(0x0, 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2550.844975][ T9136] memory: usage 376kB, limit 0kB, failcnt 5364 [ 2550.857122][ T9136] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2550.911309][ T9136] Memory cgroup stats for /syz1: [ 2550.911630][ T9136] anon 61440 [ 2550.911630][ T9136] file 217088 [ 2550.911630][ T9136] kernel_stack 36864 [ 2550.911630][ T9136] slab 315392 [ 2550.911630][ T9136] sock 0 [ 2550.911630][ T9136] shmem 0 [ 2550.911630][ T9136] file_mapped 0 [ 2550.911630][ T9136] file_dirty 135168 [ 2550.911630][ T9136] file_writeback 0 [ 2550.911630][ T9136] anon_thp 0 [ 2550.911630][ T9136] inactive_anon 0 [ 2550.911630][ T9136] active_anon 61440 [ 2550.911630][ T9136] inactive_file 106496 [ 2550.911630][ T9136] active_file 102400 [ 2550.911630][ T9136] unevictable 0 [ 2550.911630][ T9136] slab_reclaimable 270336 [ 2550.911630][ T9136] slab_unreclaimable 45056 [ 2550.911630][ T9136] pgfault 101607 [ 2550.911630][ T9136] pgmajfault 0 [ 2550.911630][ T9136] workingset_refault 0 [ 2550.911630][ T9136] workingset_activate 0 [ 2550.911630][ T9136] workingset_nodereclaim 1650 [ 2550.911630][ T9136] pgrefill 56999 [ 2550.911630][ T9136] pgscan 565562 [ 2550.911630][ T9136] pgsteal 194945 07:51:01 executing program 3: [ 2551.354959][ T9136] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9136,uid=0 [ 2551.385111][ T9136] Memory cgroup out of memory: Killed process 9136 (syz-executor.1) total-vm:72456kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2551.424115][ T1062] oom_reaper: reaped process 9136 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:51:02 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:02 executing program 0: 07:51:02 executing program 4: [ 2552.126103][T26081] device bridge_slave_1 left promiscuous mode [ 2552.132321][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2552.195679][T26081] device bridge_slave_0 left promiscuous mode [ 2552.201913][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2553.035279][T26081] device hsr_slave_0 left promiscuous mode [ 2553.075087][T26081] device hsr_slave_1 left promiscuous mode [ 2553.123488][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2553.134591][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2553.145713][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2553.198843][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2553.291193][T26081] bond0 (unregistering): Released all slaves [ 2553.394354][ T9172] IPVS: ftp: loaded support on port[0] = 21 [ 2553.458058][ T9172] chnl_net:caif_netlink_parms(): no params data found [ 2553.490808][ T9172] bridge0: port 1(bridge_slave_0) entered blocking state [ 2553.497940][ T9172] bridge0: port 1(bridge_slave_0) entered disabled state [ 2553.505927][ T9172] device bridge_slave_0 entered promiscuous mode [ 2553.513426][ T9172] bridge0: port 2(bridge_slave_1) entered blocking state [ 2553.520570][ T9172] bridge0: port 2(bridge_slave_1) entered disabled state [ 2553.528422][ T9172] device bridge_slave_1 entered promiscuous mode [ 2553.550138][ T9172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2553.560891][ T9172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2553.613013][ T9172] team0: Port device team_slave_0 added [ 2553.623996][ T9172] team0: Port device team_slave_1 added [ 2553.687948][ T9172] device hsr_slave_0 entered promiscuous mode [ 2553.725271][ T9172] device hsr_slave_1 entered promiscuous mode [ 2553.774907][ T9172] debugfs: Directory 'hsr0' with parent '/' already present! [ 2553.796899][ T9172] bridge0: port 2(bridge_slave_1) entered blocking state [ 2553.803969][ T9172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2553.811354][ T9172] bridge0: port 1(bridge_slave_0) entered blocking state [ 2553.818431][ T9172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2553.867704][ T9172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2553.886831][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2553.900519][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2553.908886][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2553.930370][ T9172] 8021q: adding VLAN 0 to HW filter on device team0 [ 2553.943253][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2553.952506][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 2553.959580][ T5750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2553.993228][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2554.002506][ T9174] bridge0: port 2(bridge_slave_1) entered blocking state [ 2554.009585][ T9174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2554.025277][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2554.034364][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2554.054575][ T9172] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2554.070702][ T9172] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2554.084499][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2554.098854][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2554.111195][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2554.133340][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2554.148667][ T9172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2554.566043][ T9181] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2554.578564][ T9181] CPU: 0 PID: 9181 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2554.586370][ T9181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2554.596438][ T9181] Call Trace: [ 2554.599755][ T9181] dump_stack+0xf5/0x159 [ 2554.604007][ T9181] dump_header+0xaa/0x449 [ 2554.608353][ T9181] oom_kill_process.cold+0x10/0x15 [ 2554.613563][ T9181] out_of_memory+0x231/0xa00 [ 2554.618169][ T9181] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2554.623797][ T9181] mem_cgroup_out_of_memory+0x128/0x150 [ 2554.629445][ T9181] try_charge+0xb3a/0xbc0 [ 2554.633840][ T9181] ? rcu_note_context_switch+0x700/0x760 [ 2554.639506][ T9181] mem_cgroup_try_charge+0xd2/0x260 [ 2554.644769][ T9181] __add_to_page_cache_locked+0x163/0x780 [ 2554.650486][ T9181] ? __read_once_size.constprop.0+0x20/0x20 [ 2554.656371][ T9181] add_to_page_cache_lru+0xe2/0x2d0 [ 2554.661561][ T9181] pagecache_get_page+0x2ab/0x760 [ 2554.666577][ T9181] grab_cache_page_write_begin+0x5d/0x90 [ 2554.672262][ T9181] ext4_da_write_begin+0x175/0x7e0 [ 2554.677363][ T9181] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2554.683045][ T9181] generic_perform_write+0x136/0x320 [ 2554.688330][ T9181] __generic_file_write_iter+0x251/0x380 [ 2554.694007][ T9181] ext4_file_write_iter+0x1bd/0xa00 [ 2554.699203][ T9181] new_sync_write+0x388/0x4a0 [ 2554.703893][ T9181] __vfs_write+0xb1/0xc0 [ 2554.708131][ T9181] vfs_write+0x18a/0x390 [ 2554.712414][ T9181] ksys_write+0xd5/0x1b0 [ 2554.716693][ T9181] __x64_sys_write+0x4c/0x60 [ 2554.721346][ T9181] do_syscall_64+0xcc/0x370 [ 2554.725901][ T9181] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2554.731847][ T9181] RIP: 0033:0x459f39 [ 2554.735798][ T9181] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2554.755390][ T9181] RSP: 002b:00007f2c6f2f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2554.763888][ T9181] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2554.771845][ T9181] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2554.779895][ T9181] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2554.787855][ T9181] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c6f2f66d4 [ 2554.795820][ T9181] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2554.805197][ T9181] memory: usage 6856kB, limit 0kB, failcnt 4977 [ 2554.811462][ T9181] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2554.818382][ T9181] Memory cgroup stats for /syz2: [ 2554.818647][ T9181] anon 6447104 [ 2554.818647][ T9181] file 143360 [ 2554.818647][ T9181] kernel_stack 36864 [ 2554.818647][ T9181] slab 241664 [ 2554.818647][ T9181] sock 0 [ 2554.818647][ T9181] shmem 0 [ 2554.818647][ T9181] file_mapped 0 [ 2554.818647][ T9181] file_dirty 0 [ 2554.818647][ T9181] file_writeback 0 [ 2554.818647][ T9181] anon_thp 6291456 [ 2554.818647][ T9181] inactive_anon 135168 [ 2554.818647][ T9181] active_anon 6447104 [ 2554.818647][ T9181] inactive_file 151552 [ 2554.818647][ T9181] active_file 28672 [ 2554.818647][ T9181] unevictable 0 [ 2554.818647][ T9181] slab_reclaimable 135168 [ 2554.818647][ T9181] slab_unreclaimable 106496 [ 2554.818647][ T9181] pgfault 110781 [ 2554.818647][ T9181] pgmajfault 0 [ 2554.818647][ T9181] workingset_refault 0 [ 2554.818647][ T9181] workingset_activate 0 [ 2554.818647][ T9181] workingset_nodereclaim 2046 [ 2554.818647][ T9181] pgrefill 84427 [ 2554.818647][ T9181] pgscan 680211 [ 2554.818647][ T9181] pgsteal 213673 [ 2554.912549][ T9181] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9180,uid=0 [ 2554.928118][ T9181] Memory cgroup out of memory: Killed process 9180 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2554.947732][ T1062] oom_reaper: reaped process 9180 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:05 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:05 executing program 3: 07:51:05 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(0x0, 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:05 executing program 0: 07:51:05 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:05 executing program 4: [ 2555.068877][ T9172] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2555.111606][ T9172] CPU: 0 PID: 9172 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2555.119559][ T9172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2555.129621][ T9172] Call Trace: [ 2555.132939][ T9172] dump_stack+0xf5/0x159 [ 2555.137210][ T9172] dump_header+0xaa/0x449 [ 2555.141633][ T9172] oom_kill_process.cold+0x10/0x15 [ 2555.146770][ T9172] out_of_memory+0x231/0xa00 [ 2555.151434][ T9172] ? __kcsan_setup_watchpoint+0x6b/0x4a0 07:51:06 executing program 4: [ 2555.157108][ T9172] mem_cgroup_out_of_memory+0x128/0x150 [ 2555.162701][ T9172] try_charge+0xb3a/0xbc0 [ 2555.167066][ T9172] ? rcu_note_context_switch+0x700/0x760 [ 2555.172821][ T9172] mem_cgroup_try_charge+0xd2/0x260 [ 2555.178049][ T9172] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2555.183794][ T9172] wp_page_copy+0x322/0x1160 [ 2555.188411][ T9172] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2555.194065][ T9172] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2555.199727][ T9172] do_wp_page+0x192/0x11f0 [ 2555.204163][ T9172] ? __kcsan_setup_watchpoint+0x6b/0x4a0 07:51:06 executing program 0: [ 2555.209839][ T9172] __handle_mm_fault+0x1c07/0x2cb0 [ 2555.215053][ T9172] handle_mm_fault+0x21b/0x530 [ 2555.219937][ T9172] __do_page_fault+0x3fb/0x9e0 [ 2555.224924][ T9172] do_page_fault+0x54/0x233 [ 2555.229460][ T9172] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2555.235293][ T9172] page_fault+0x34/0x40 [ 2555.239456][ T9172] RIP: 0033:0x431016 [ 2555.243395][ T9172] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2555.263621][ T9172] RSP: 002b:00007fff505bc6b0 EFLAGS: 00010206 [ 2555.269694][ T9172] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2555.277676][ T9172] RDX: 0000000001343930 RSI: 000000000134b970 RDI: 0000000000000003 [ 2555.285659][ T9172] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001342940 [ 2555.293654][ T9172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2555.301806][ T9172] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:51:06 executing program 4: 07:51:06 executing program 0: 07:51:06 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(0x0, 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2555.390758][ T9172] memory: usage 400kB, limit 0kB, failcnt 4992 [ 2555.397013][ T9172] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2555.403893][ T9172] Memory cgroup stats for /syz2: [ 2555.404197][ T9172] anon 61440 [ 2555.404197][ T9172] file 143360 [ 2555.404197][ T9172] kernel_stack 36864 [ 2555.404197][ T9172] slab 241664 [ 2555.404197][ T9172] sock 0 [ 2555.404197][ T9172] shmem 0 [ 2555.404197][ T9172] file_mapped 0 [ 2555.404197][ T9172] file_dirty 0 [ 2555.404197][ T9172] file_writeback 0 07:51:06 executing program 3: [ 2555.404197][ T9172] anon_thp 0 [ 2555.404197][ T9172] inactive_anon 135168 [ 2555.404197][ T9172] active_anon 61440 [ 2555.404197][ T9172] inactive_file 151552 [ 2555.404197][ T9172] active_file 28672 [ 2555.404197][ T9172] unevictable 0 [ 2555.404197][ T9172] slab_reclaimable 135168 [ 2555.404197][ T9172] slab_unreclaimable 106496 [ 2555.404197][ T9172] pgfault 110781 [ 2555.404197][ T9172] pgmajfault 0 [ 2555.404197][ T9172] workingset_refault 0 [ 2555.404197][ T9172] workingset_activate 0 [ 2555.404197][ T9172] workingset_nodereclaim 2079 [ 2555.404197][ T9172] pgrefill 84427 [ 2555.404197][ T9172] pgscan 680211 [ 2555.404197][ T9172] pgsteal 213673 [ 2555.505584][ T9172] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9172,uid=0 [ 2555.574289][ T9172] Memory cgroup out of memory: Killed process 9172 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2555.653780][ T1062] oom_reaper: reaped process 9172 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:51:07 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0x0, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:07 executing program 3: 07:51:07 executing program 0: [ 2556.975709][T26081] device bridge_slave_1 left promiscuous mode [ 2556.982224][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2557.035765][T26081] device bridge_slave_0 left promiscuous mode [ 2557.042018][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2557.915281][T26081] device hsr_slave_0 left promiscuous mode [ 2557.955056][T26081] device hsr_slave_1 left promiscuous mode [ 2558.022238][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2558.033289][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2558.043898][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2558.088752][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2558.170568][T26081] bond0 (unregistering): Released all slaves [ 2558.274275][ T9208] IPVS: ftp: loaded support on port[0] = 21 [ 2558.336424][ T9208] chnl_net:caif_netlink_parms(): no params data found [ 2558.370758][ T9208] bridge0: port 1(bridge_slave_0) entered blocking state [ 2558.377960][ T9208] bridge0: port 1(bridge_slave_0) entered disabled state [ 2558.385928][ T9208] device bridge_slave_0 entered promiscuous mode [ 2558.393390][ T9208] bridge0: port 2(bridge_slave_1) entered blocking state [ 2558.401015][ T9208] bridge0: port 2(bridge_slave_1) entered disabled state [ 2558.412335][ T9208] device bridge_slave_1 entered promiscuous mode [ 2558.477229][ T9208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2558.488514][ T9208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2558.513136][ T9208] team0: Port device team_slave_0 added [ 2558.520426][ T9208] team0: Port device team_slave_1 added [ 2558.592364][ T9208] device hsr_slave_0 entered promiscuous mode [ 2558.670072][ T9208] device hsr_slave_1 entered promiscuous mode [ 2558.724993][ T9208] debugfs: Directory 'hsr0' with parent '/' already present! [ 2558.746639][ T9208] bridge0: port 2(bridge_slave_1) entered blocking state [ 2558.753708][ T9208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2558.761096][ T9208] bridge0: port 1(bridge_slave_0) entered blocking state [ 2558.768178][ T9208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2558.810222][ T9208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2558.824224][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2558.833743][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 2558.842574][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 2558.867512][ T9208] 8021q: adding VLAN 0 to HW filter on device team0 [ 2558.884485][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2558.893486][ T5583] bridge0: port 1(bridge_slave_0) entered blocking state [ 2558.900554][ T5583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2558.931171][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2558.940027][ T5583] bridge0: port 2(bridge_slave_1) entered blocking state [ 2558.947089][ T5583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2558.962140][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2558.986234][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2558.995788][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2559.005361][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2559.013852][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2559.024521][ T9208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2559.045560][ T9208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2559.394469][ T9216] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2559.411475][ T9216] CPU: 1 PID: 9216 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2559.419298][ T9216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2559.429359][ T9216] Call Trace: [ 2559.432658][ T9216] dump_stack+0xf5/0x159 [ 2559.437089][ T9216] dump_header+0xaa/0x449 [ 2559.441416][ T9216] oom_kill_process.cold+0x10/0x15 [ 2559.446538][ T9216] out_of_memory+0x231/0xa00 [ 2559.451182][ T9216] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2559.456858][ T9216] mem_cgroup_out_of_memory+0x128/0x150 [ 2559.462440][ T9216] try_charge+0xb3a/0xbc0 [ 2559.466839][ T9216] ? rcu_note_context_switch+0x700/0x760 [ 2559.472585][ T9216] mem_cgroup_try_charge+0xd2/0x260 [ 2559.477866][ T9216] __add_to_page_cache_locked+0x163/0x780 [ 2559.483597][ T9216] ? __read_once_size.constprop.0+0x20/0x20 [ 2559.489603][ T9216] add_to_page_cache_lru+0xe2/0x2d0 [ 2559.494797][ T9216] pagecache_get_page+0x2ab/0x760 [ 2559.499992][ T9216] grab_cache_page_write_begin+0x5d/0x90 [ 2559.505617][ T9216] ext4_da_write_begin+0x175/0x7e0 [ 2559.510761][ T9216] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2559.516450][ T9216] generic_perform_write+0x136/0x320 [ 2559.521732][ T9216] __generic_file_write_iter+0x251/0x380 [ 2559.527506][ T9216] ext4_file_write_iter+0x1bd/0xa00 [ 2559.532723][ T9216] new_sync_write+0x388/0x4a0 [ 2559.537409][ T9216] __vfs_write+0xb1/0xc0 [ 2559.541640][ T9216] vfs_write+0x18a/0x390 [ 2559.545947][ T9216] ksys_write+0xd5/0x1b0 [ 2559.550182][ T9216] __x64_sys_write+0x4c/0x60 [ 2559.554776][ T9216] do_syscall_64+0xcc/0x370 [ 2559.559292][ T9216] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2559.565246][ T9216] RIP: 0033:0x459f39 [ 2559.569149][ T9216] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2559.588757][ T9216] RSP: 002b:00007fa6c3b5ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2559.597300][ T9216] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2559.605257][ T9216] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2559.613216][ T9216] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2559.621173][ T9216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa6c3b5b6d4 [ 2559.629160][ T9216] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2559.639076][ T9216] memory: usage 4732kB, limit 0kB, failcnt 5391 [ 2559.645414][ T9216] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2559.652265][ T9216] Memory cgroup stats for /syz1: [ 2559.652504][ T9216] anon 4362240 [ 2559.652504][ T9216] file 163840 [ 2559.652504][ T9216] kernel_stack 36864 [ 2559.652504][ T9216] slab 180224 [ 2559.652504][ T9216] sock 0 [ 2559.652504][ T9216] shmem 0 [ 2559.652504][ T9216] file_mapped 0 [ 2559.652504][ T9216] file_dirty 0 [ 2559.652504][ T9216] file_writeback 0 [ 2559.652504][ T9216] anon_thp 4194304 [ 2559.652504][ T9216] inactive_anon 0 [ 2559.652504][ T9216] active_anon 4362240 [ 2559.652504][ T9216] inactive_file 106496 [ 2559.652504][ T9216] active_file 0 [ 2559.652504][ T9216] unevictable 0 [ 2559.652504][ T9216] slab_reclaimable 135168 [ 2559.652504][ T9216] slab_unreclaimable 45056 [ 2559.652504][ T9216] pgfault 101673 [ 2559.652504][ T9216] pgmajfault 0 [ 2559.652504][ T9216] workingset_refault 0 [ 2559.652504][ T9216] workingset_activate 0 [ 2559.652504][ T9216] workingset_nodereclaim 1650 [ 2559.652504][ T9216] pgrefill 57032 [ 2559.652504][ T9216] pgscan 566923 [ 2559.652504][ T9216] pgsteal 196034 [ 2559.745852][ T9216] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9215,uid=0 [ 2559.761383][ T9216] Memory cgroup out of memory: Killed process 9215 (syz-executor.1) total-vm:72720kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 07:51:10 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:10 executing program 0: 07:51:10 executing program 4: 07:51:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:10 executing program 3: 07:51:10 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0x0, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2559.894764][ T9208] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2559.915367][ T9208] CPU: 1 PID: 9208 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2559.923269][ T9208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2559.933327][ T9208] Call Trace: [ 2559.936646][ T9208] dump_stack+0xf5/0x159 [ 2559.940920][ T9208] dump_header+0xaa/0x449 [ 2559.945327][ T9208] oom_kill_process.cold+0x10/0x15 [ 2559.950476][ T9208] out_of_memory+0x231/0xa00 [ 2559.955157][ T9208] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2559.960831][ T9208] mem_cgroup_out_of_memory+0x128/0x150 [ 2559.966423][ T9208] try_charge+0xb3a/0xbc0 [ 2559.970817][ T9208] ? rcu_note_context_switch+0x700/0x760 [ 2559.976552][ T9208] mem_cgroup_try_charge+0xd2/0x260 [ 2559.981823][ T9208] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2559.987536][ T9208] wp_page_copy+0x322/0x1160 [ 2559.992149][ T9208] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2559.997807][ T9208] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2560.003469][ T9208] do_wp_page+0x192/0x11f0 [ 2560.007904][ T9208] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2560.013629][ T9208] __handle_mm_fault+0x1c07/0x2cb0 [ 2560.018843][ T9208] handle_mm_fault+0x21b/0x530 [ 2560.023643][ T9208] __do_page_fault+0x3fb/0x9e0 [ 2560.028491][ T9208] do_page_fault+0x54/0x233 [ 2560.033018][ T9208] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2560.038754][ T9208] page_fault+0x34/0x40 [ 2560.042912][ T9208] RIP: 0033:0x431016 [ 2560.046918][ T9208] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2560.066534][ T9208] RSP: 002b:00007ffc0bf8f450 EFLAGS: 00010206 [ 2560.072617][ T9208] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2560.080595][ T9208] RDX: 000000000135c930 RSI: 0000000001364970 RDI: 0000000000000003 07:51:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2560.088573][ T9208] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000135b940 [ 2560.096554][ T9208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2560.104536][ T9208] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:51:11 executing program 0: 07:51:11 executing program 3: 07:51:11 executing program 4: [ 2560.284978][ T9208] memory: usage 352kB, limit 0kB, failcnt 5400 [ 2560.294987][ T9208] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2560.321999][ T9208] Memory cgroup stats for /syz1: [ 2560.322361][ T9208] anon 90112 [ 2560.322361][ T9208] file 163840 [ 2560.322361][ T9208] kernel_stack 36864 [ 2560.322361][ T9208] slab 180224 [ 2560.322361][ T9208] sock 0 [ 2560.322361][ T9208] shmem 0 [ 2560.322361][ T9208] file_mapped 0 [ 2560.322361][ T9208] file_dirty 0 [ 2560.322361][ T9208] file_writeback 0 [ 2560.322361][ T9208] anon_thp 0 [ 2560.322361][ T9208] inactive_anon 0 [ 2560.322361][ T9208] active_anon 90112 [ 2560.322361][ T9208] inactive_file 106496 [ 2560.322361][ T9208] active_file 0 [ 2560.322361][ T9208] unevictable 0 [ 2560.322361][ T9208] slab_reclaimable 135168 [ 2560.322361][ T9208] slab_unreclaimable 45056 [ 2560.322361][ T9208] pgfault 101673 [ 2560.322361][ T9208] pgmajfault 0 [ 2560.322361][ T9208] workingset_refault 0 [ 2560.322361][ T9208] workingset_activate 0 [ 2560.322361][ T9208] workingset_nodereclaim 1650 [ 2560.322361][ T9208] pgrefill 57032 [ 2560.322361][ T9208] pgscan 566923 [ 2560.322361][ T9208] pgsteal 196034 [ 2560.322361][ T9208] pgactivate 144507 07:51:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:11 executing program 0: [ 2560.745621][ T9208] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9208,uid=0 [ 2560.761807][ T9208] Memory cgroup out of memory: Killed process 9208 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2560.815770][ T1062] oom_reaper: reaped process 9208 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:51:12 executing program 4: 07:51:12 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0x0, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:12 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x0, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:12 executing program 3: 07:51:12 executing program 0: [ 2561.393440][ T25] audit: type=1804 audit(1572076272.171:169): pid=9244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2311/bus" dev="sda1" ino=16737 res=1 [ 2561.455647][ T25] audit: type=1804 audit(1572076272.211:170): pid=9241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2311/bus" dev="sda1" ino=16737 res=1 [ 2561.725531][T26081] device bridge_slave_1 left promiscuous mode [ 2561.731778][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2561.795509][T26081] device bridge_slave_0 left promiscuous mode [ 2561.801788][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2562.655481][T26081] device hsr_slave_0 left promiscuous mode [ 2562.735066][T26081] device hsr_slave_1 left promiscuous mode [ 2562.783261][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2562.794252][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2562.804840][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2562.840042][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2562.942136][T26081] bond0 (unregistering): Released all slaves [ 2563.043946][ T9249] IPVS: ftp: loaded support on port[0] = 21 [ 2563.109697][ T9249] chnl_net:caif_netlink_parms(): no params data found [ 2563.143222][ T9249] bridge0: port 1(bridge_slave_0) entered blocking state [ 2563.150372][ T9249] bridge0: port 1(bridge_slave_0) entered disabled state [ 2563.159040][ T9249] device bridge_slave_0 entered promiscuous mode [ 2563.166895][ T9249] bridge0: port 2(bridge_slave_1) entered blocking state [ 2563.173936][ T9249] bridge0: port 2(bridge_slave_1) entered disabled state [ 2563.181796][ T9249] device bridge_slave_1 entered promiscuous mode [ 2563.205158][ T9249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2563.261162][ T9249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2563.289249][ T9249] team0: Port device team_slave_0 added [ 2563.296336][ T9249] team0: Port device team_slave_1 added [ 2563.362614][ T9249] device hsr_slave_0 entered promiscuous mode [ 2563.425383][ T9249] device hsr_slave_1 entered promiscuous mode [ 2563.464930][ T9249] debugfs: Directory 'hsr0' with parent '/' already present! [ 2563.485977][ T9249] bridge0: port 2(bridge_slave_1) entered blocking state [ 2563.493035][ T9249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2563.500395][ T9249] bridge0: port 1(bridge_slave_0) entered blocking state [ 2563.507508][ T9249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2563.563431][ T9249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2563.582560][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2563.591524][ T5583] bridge0: port 1(bridge_slave_0) entered disabled state [ 2563.605560][ T5583] bridge0: port 2(bridge_slave_1) entered disabled state [ 2563.625626][ T9249] 8021q: adding VLAN 0 to HW filter on device team0 [ 2563.642051][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2563.650809][ T5583] bridge0: port 1(bridge_slave_0) entered blocking state [ 2563.657945][ T5583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2563.691745][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2563.700396][ T5583] bridge0: port 2(bridge_slave_1) entered blocking state [ 2563.707850][ T5583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2563.722400][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2563.732320][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2563.752138][ T9249] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2563.767304][ T9249] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2563.782419][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2563.794650][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2563.811241][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2563.829485][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2563.838947][ T9249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2564.247689][ T9259] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2564.263220][ T9259] CPU: 0 PID: 9259 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2564.271037][ T9259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2564.281090][ T9259] Call Trace: [ 2564.284398][ T9259] dump_stack+0xf5/0x159 [ 2564.288661][ T9259] dump_header+0xaa/0x449 [ 2564.293011][ T9259] oom_kill_process.cold+0x10/0x15 [ 2564.298127][ T9259] out_of_memory+0x231/0xa00 [ 2564.302702][ T9259] ? __tsan_read8+0x2c/0x30 [ 2564.307235][ T9259] ? timer_reduce+0xa4/0x830 [ 2564.311818][ T9259] mem_cgroup_out_of_memory+0x128/0x150 [ 2564.317360][ T9259] memory_max_write+0x17b/0x250 [ 2564.322214][ T9259] cgroup_file_write+0x119/0x320 [ 2564.327146][ T9259] ? high_work_func+0x30/0x30 [ 2564.331820][ T9259] kernfs_fop_write+0x1f4/0x2e0 [ 2564.336672][ T9259] ? cgroup_css.part.0+0x90/0x90 [ 2564.341657][ T9259] __vfs_write+0x67/0xc0 [ 2564.345890][ T9259] ? kernfs_seq_show+0xe0/0xe0 [ 2564.350655][ T9259] vfs_write+0x18a/0x390 [ 2564.354891][ T9259] ksys_write+0xd5/0x1b0 [ 2564.359124][ T9259] __x64_sys_write+0x4c/0x60 [ 2564.363718][ T9259] do_syscall_64+0xcc/0x370 [ 2564.368211][ T9259] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2564.374123][ T9259] RIP: 0033:0x459f39 [ 2564.378011][ T9259] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2564.397619][ T9259] RSP: 002b:00007feeb95ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2564.406014][ T9259] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2564.413978][ T9259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2564.421945][ T9259] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2564.429901][ T9259] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feeb95de6d4 [ 2564.437858][ T9259] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2564.449654][ T9259] memory: usage 6820kB, limit 0kB, failcnt 5015 [ 2564.455969][ T9259] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2564.462806][ T9259] Memory cgroup stats for /syz2: [ 2564.462915][ T9259] anon 6459392 [ 2564.462915][ T9259] file 94208 [ 2564.462915][ T9259] kernel_stack 73728 [ 2564.462915][ T9259] slab 376832 [ 2564.462915][ T9259] sock 0 [ 2564.462915][ T9259] shmem 0 [ 2564.462915][ T9259] file_mapped 0 [ 2564.462915][ T9259] file_dirty 0 [ 2564.462915][ T9259] file_writeback 0 [ 2564.462915][ T9259] anon_thp 6291456 [ 2564.462915][ T9259] inactive_anon 135168 [ 2564.462915][ T9259] active_anon 6459392 [ 2564.462915][ T9259] inactive_file 0 [ 2564.462915][ T9259] active_file 135168 [ 2564.462915][ T9259] unevictable 0 [ 2564.462915][ T9259] slab_reclaimable 270336 [ 2564.462915][ T9259] slab_unreclaimable 106496 [ 2564.462915][ T9259] pgfault 110847 [ 2564.462915][ T9259] pgmajfault 0 [ 2564.462915][ T9259] workingset_refault 0 [ 2564.462915][ T9259] workingset_activate 0 [ 2564.462915][ T9259] workingset_nodereclaim 2079 [ 2564.462915][ T9259] pgrefill 85053 [ 2564.462915][ T9259] pgscan 683990 [ 2564.462915][ T9259] pgsteal 215743 [ 2564.558853][ T9259] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9255,uid=0 [ 2564.574418][ T9259] Memory cgroup out of memory: Killed process 9255 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 2564.595153][ T1062] oom_reaper: reaped process 9255 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0x0, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:15 executing program 3: 07:51:15 executing program 0: 07:51:15 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0x0, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x0, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:15 executing program 4: [ 2564.717892][ T9249] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2564.749217][ T9249] CPU: 0 PID: 9249 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2564.757093][ T9249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2564.767239][ T9249] Call Trace: [ 2564.770571][ T9249] dump_stack+0xf5/0x159 [ 2564.774893][ T9249] dump_header+0xaa/0x449 [ 2564.779257][ T9249] oom_kill_process.cold+0x10/0x15 [ 2564.784431][ T9249] out_of_memory+0x231/0xa00 [ 2564.789042][ T9249] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2564.794712][ T9249] mem_cgroup_out_of_memory+0x128/0x150 [ 2564.800367][ T9249] try_charge+0xb3a/0xbc0 [ 2564.804845][ T9249] ? rcu_note_context_switch+0x700/0x760 [ 2564.810532][ T9249] mem_cgroup_try_charge+0xd2/0x260 [ 2564.815812][ T9249] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2564.821477][ T9249] wp_page_copy+0x322/0x1160 [ 2564.826085][ T9249] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2564.831738][ T9249] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2564.837409][ T9249] do_wp_page+0x192/0x11f0 [ 2564.841859][ T9249] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2564.847520][ T9249] __handle_mm_fault+0x1c07/0x2cb0 [ 2564.852743][ T9249] handle_mm_fault+0x21b/0x530 [ 2564.857538][ T9249] __do_page_fault+0x3fb/0x9e0 [ 2564.862376][ T9249] do_page_fault+0x54/0x233 [ 2564.866961][ T9249] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2564.872753][ T9249] page_fault+0x34/0x40 [ 2564.876921][ T9249] RIP: 0033:0x431016 [ 2564.880842][ T9249] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2564.900462][ T9249] RSP: 002b:00007ffe2aefb480 EFLAGS: 00010206 [ 2564.906542][ T9249] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2564.914556][ T9249] RDX: 0000000001573930 RSI: 000000000157b970 RDI: 0000000000000003 [ 2564.922545][ T9249] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001572940 [ 2564.930535][ T9249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2564.938515][ T9249] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:51:15 executing program 3: 07:51:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x0, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:15 executing program 0: [ 2564.947200][ T25] audit: type=1804 audit(1572076275.531:171): pid=9264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2312/bus" dev="sda1" ino=16706 res=1 [ 2564.960745][ T9249] memory: usage 356kB, limit 0kB, failcnt 5024 07:51:15 executing program 3: [ 2565.089736][ T25] audit: type=1804 audit(1572076275.531:172): pid=9264 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2312/bus" dev="sda1" ino=16706 res=1 07:51:15 executing program 4: [ 2565.224958][ T25] audit: type=1804 audit(1572076275.841:173): pid=9268 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2313/bus" dev="sda1" ino=16527 res=1 [ 2565.225038][ T9249] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:51:16 executing program 0: [ 2565.357244][ T25] audit: type=1804 audit(1572076275.851:174): pid=9268 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2313/bus" dev="sda1" ino=16527 res=1 [ 2565.687611][ T9249] Memory cgroup stats for /syz2: [ 2565.687915][ T9249] anon 159744 [ 2565.687915][ T9249] file 94208 [ 2565.687915][ T9249] kernel_stack 0 [ 2565.687915][ T9249] slab 376832 [ 2565.687915][ T9249] sock 0 [ 2565.687915][ T9249] shmem 0 [ 2565.687915][ T9249] file_mapped 0 [ 2565.687915][ T9249] file_dirty 0 [ 2565.687915][ T9249] file_writeback 0 [ 2565.687915][ T9249] anon_thp 0 [ 2565.687915][ T9249] inactive_anon 135168 [ 2565.687915][ T9249] active_anon 159744 [ 2565.687915][ T9249] inactive_file 0 [ 2565.687915][ T9249] active_file 135168 [ 2565.687915][ T9249] unevictable 0 [ 2565.687915][ T9249] slab_reclaimable 270336 [ 2565.687915][ T9249] slab_unreclaimable 106496 [ 2565.687915][ T9249] pgfault 110847 [ 2565.687915][ T9249] pgmajfault 0 [ 2565.687915][ T9249] workingset_refault 0 [ 2565.687915][ T9249] workingset_activate 0 [ 2565.687915][ T9249] workingset_nodereclaim 2112 [ 2565.687915][ T9249] pgrefill 85053 [ 2565.687915][ T9249] pgscan 683990 [ 2565.687915][ T9249] pgsteal 215743 [ 2565.687915][ T9249] pgactivate 190245 [ 2565.805874][ T9249] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9249,uid=0 [ 2565.865011][ T9249] Memory cgroup out of memory: Killed process 9249 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2565.916491][ T1062] oom_reaper: reaped process 9249 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 07:51:16 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0x0) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:16 executing program 3: 07:51:16 executing program 4: [ 2566.605771][T26081] device bridge_slave_1 left promiscuous mode [ 2566.612080][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2566.665751][T26081] device bridge_slave_0 left promiscuous mode [ 2566.672026][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2567.495189][T26081] device hsr_slave_0 left promiscuous mode [ 2567.555000][T26081] device hsr_slave_1 left promiscuous mode [ 2567.613210][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2567.623920][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2567.634736][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2567.690264][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2567.752234][T26081] bond0 (unregistering): Released all slaves [ 2567.853539][ T9287] IPVS: ftp: loaded support on port[0] = 21 [ 2567.917624][ T9287] chnl_net:caif_netlink_parms(): no params data found [ 2567.949923][ T9287] bridge0: port 1(bridge_slave_0) entered blocking state [ 2567.957117][ T9287] bridge0: port 1(bridge_slave_0) entered disabled state [ 2567.964889][ T9287] device bridge_slave_0 entered promiscuous mode [ 2568.014996][ T9287] bridge0: port 2(bridge_slave_1) entered blocking state [ 2568.022169][ T9287] bridge0: port 2(bridge_slave_1) entered disabled state [ 2568.034579][ T9287] device bridge_slave_1 entered promiscuous mode [ 2568.062406][ T9287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2568.077835][ T9287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2568.110421][ T9287] team0: Port device team_slave_0 added [ 2568.118988][ T9287] team0: Port device team_slave_1 added [ 2568.179473][ T9287] device hsr_slave_0 entered promiscuous mode [ 2568.245301][ T9287] device hsr_slave_1 entered promiscuous mode [ 2568.284923][ T9287] debugfs: Directory 'hsr0' with parent '/' already present! [ 2568.305924][ T9287] bridge0: port 2(bridge_slave_1) entered blocking state [ 2568.312983][ T9287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2568.320432][ T9287] bridge0: port 1(bridge_slave_0) entered blocking state [ 2568.327504][ T9287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2568.378092][ T9287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2568.397461][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2568.411493][ T5583] bridge0: port 1(bridge_slave_0) entered disabled state [ 2568.419969][ T5583] bridge0: port 2(bridge_slave_1) entered disabled state [ 2568.441200][ T9287] 8021q: adding VLAN 0 to HW filter on device team0 [ 2568.458650][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2568.472362][ T5583] bridge0: port 1(bridge_slave_0) entered blocking state [ 2568.479575][ T5583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2568.508542][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2568.522445][T32140] bridge0: port 2(bridge_slave_1) entered blocking state [ 2568.529551][T32140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2568.545459][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2568.554589][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2568.574746][ T9287] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2568.590138][ T9287] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2568.604128][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2568.616041][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2568.624575][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2568.633999][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2568.652138][ T9287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2569.046120][ T9295] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2569.058651][ T9295] CPU: 1 PID: 9295 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2569.066463][ T9295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2569.076595][ T9295] Call Trace: [ 2569.079895][ T9295] dump_stack+0xf5/0x159 [ 2569.084172][ T9295] dump_header+0xaa/0x449 [ 2569.088549][ T9295] oom_kill_process.cold+0x10/0x15 [ 2569.093670][ T9295] out_of_memory+0x231/0xa00 [ 2569.098247][ T9295] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2569.103875][ T9295] mem_cgroup_out_of_memory+0x128/0x150 [ 2569.109454][ T9295] try_charge+0xb3a/0xbc0 [ 2569.113788][ T9295] ? rcu_note_context_switch+0x700/0x760 [ 2569.119494][ T9295] mem_cgroup_try_charge+0xd2/0x260 [ 2569.124683][ T9295] __add_to_page_cache_locked+0x163/0x780 [ 2569.130455][ T9295] ? __read_once_size.constprop.0+0x20/0x20 [ 2569.136342][ T9295] add_to_page_cache_lru+0xe2/0x2d0 [ 2569.141555][ T9295] pagecache_get_page+0x2ab/0x760 [ 2569.146625][ T9295] grab_cache_page_write_begin+0x5d/0x90 [ 2569.152246][ T9295] ext4_da_write_begin+0x175/0x7e0 [ 2569.157356][ T9295] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2569.163007][ T9295] generic_perform_write+0x136/0x320 [ 2569.168338][ T9295] __generic_file_write_iter+0x251/0x380 [ 2569.174153][ T9295] ext4_file_write_iter+0x1bd/0xa00 [ 2569.179369][ T9295] new_sync_write+0x388/0x4a0 [ 2569.184071][ T9295] __vfs_write+0xb1/0xc0 [ 2569.188424][ T9295] vfs_write+0x18a/0x390 [ 2569.192708][ T9295] ksys_write+0xd5/0x1b0 [ 2569.197018][ T9295] __x64_sys_write+0x4c/0x60 [ 2569.201786][ T9295] do_syscall_64+0xcc/0x370 [ 2569.206323][ T9295] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2569.212290][ T9295] RIP: 0033:0x459f39 [ 2569.216186][ T9295] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2569.235923][ T9295] RSP: 002b:00007f3cb7607c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2569.244325][ T9295] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2569.252346][ T9295] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2569.260373][ T9295] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2569.268358][ T9295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3cb76086d4 [ 2569.276432][ T9295] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2569.285401][ T9295] memory: usage 4756kB, limit 0kB, failcnt 5424 [ 2569.291666][ T9295] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2569.299025][ T9295] Memory cgroup stats for /syz1: [ 2569.299326][ T9295] anon 4272128 [ 2569.299326][ T9295] file 98304 [ 2569.299326][ T9295] kernel_stack 36864 [ 2569.299326][ T9295] slab 180224 [ 2569.299326][ T9295] sock 0 [ 2569.299326][ T9295] shmem 0 [ 2569.299326][ T9295] file_mapped 0 [ 2569.299326][ T9295] file_dirty 0 [ 2569.299326][ T9295] file_writeback 0 [ 2569.299326][ T9295] anon_thp 4194304 [ 2569.299326][ T9295] inactive_anon 0 [ 2569.299326][ T9295] active_anon 4272128 [ 2569.299326][ T9295] inactive_file 180224 [ 2569.299326][ T9295] active_file 0 [ 2569.299326][ T9295] unevictable 0 [ 2569.299326][ T9295] slab_reclaimable 135168 [ 2569.299326][ T9295] slab_unreclaimable 45056 [ 2569.299326][ T9295] pgfault 101772 [ 2569.299326][ T9295] pgmajfault 0 [ 2569.299326][ T9295] workingset_refault 0 [ 2569.299326][ T9295] workingset_activate 0 [ 2569.299326][ T9295] workingset_nodereclaim 1650 [ 2569.299326][ T9295] pgrefill 57032 [ 2569.299326][ T9295] pgscan 569914 [ 2569.299326][ T9295] pgsteal 197316 [ 2569.393128][ T9295] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9294,uid=0 [ 2569.408743][ T9295] Memory cgroup out of memory: Killed process 9294 (syz-executor.1) total-vm:72720kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 07:51:20 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0x0, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:20 executing program 0: 07:51:20 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0x0) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x0, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:20 executing program 3: 07:51:20 executing program 4: [ 2569.568244][ T9287] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2569.600765][ T9287] CPU: 0 PID: 9287 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2569.608607][ T9287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2569.618667][ T9287] Call Trace: [ 2569.621993][ T9287] dump_stack+0xf5/0x159 [ 2569.626277][ T9287] dump_header+0xaa/0x449 [ 2569.630643][ T9287] oom_kill_process.cold+0x10/0x15 [ 2569.635804][ T9287] out_of_memory+0x231/0xa00 [ 2569.640464][ T9287] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2569.646153][ T9287] mem_cgroup_out_of_memory+0x128/0x150 [ 2569.651727][ T9287] try_charge+0xb3a/0xbc0 [ 2569.656095][ T9287] ? rcu_note_context_switch+0x700/0x760 [ 2569.661838][ T9287] mem_cgroup_try_charge+0xd2/0x260 07:51:20 executing program 3: [ 2569.667083][ T9287] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2569.672766][ T9287] wp_page_copy+0x322/0x1160 [ 2569.677431][ T9287] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2569.683082][ T9287] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2569.688740][ T9287] do_wp_page+0x192/0x11f0 [ 2569.693174][ T9287] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2569.698844][ T9287] __handle_mm_fault+0x1c07/0x2cb0 [ 2569.703996][ T9287] handle_mm_fault+0x21b/0x530 [ 2569.708797][ T9287] __do_page_fault+0x3fb/0x9e0 [ 2569.713645][ T9287] do_page_fault+0x54/0x233 [ 2569.718199][ T9287] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2569.723940][ T9287] page_fault+0x34/0x40 [ 2569.728104][ T9287] RIP: 0033:0x431016 [ 2569.732102][ T9287] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2569.751717][ T9287] RSP: 002b:00007fff4ca54420 EFLAGS: 00010206 [ 2569.757802][ T9287] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2569.765797][ T9287] RDX: 00000000019c5930 RSI: 00000000019cd970 RDI: 0000000000000003 [ 2569.773793][ T9287] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000019c4940 [ 2569.781807][ T9287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2569.789799][ T9287] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2569.798325][ T25] audit: type=1804 audit(1572076280.381:175): pid=9303 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2314/bus" dev="sda1" ino=16705 res=1 07:51:20 executing program 0: 07:51:20 executing program 4: [ 2569.875210][ T25] audit: type=1804 audit(1572076280.381:176): pid=9303 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2314/bus" dev="sda1" ino=16705 res=1 07:51:20 executing program 3: [ 2569.965038][ T9287] memory: usage 368kB, limit 0kB, failcnt 5433 [ 2569.971239][ T9287] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:51:20 executing program 0: [ 2570.048297][ T9287] Memory cgroup stats for /syz1: [ 2570.048611][ T9287] anon 61440 [ 2570.048611][ T9287] file 98304 [ 2570.048611][ T9287] kernel_stack 36864 [ 2570.048611][ T9287] slab 180224 [ 2570.048611][ T9287] sock 0 [ 2570.048611][ T9287] shmem 0 [ 2570.048611][ T9287] file_mapped 0 [ 2570.048611][ T9287] file_dirty 0 [ 2570.048611][ T9287] file_writeback 0 [ 2570.048611][ T9287] anon_thp 0 [ 2570.048611][ T9287] inactive_anon 0 [ 2570.048611][ T9287] active_anon 61440 [ 2570.048611][ T9287] inactive_file 45056 [ 2570.048611][ T9287] active_file 0 [ 2570.048611][ T9287] unevictable 0 [ 2570.048611][ T9287] slab_reclaimable 135168 [ 2570.048611][ T9287] slab_unreclaimable 45056 [ 2570.048611][ T9287] pgfault 101772 [ 2570.048611][ T9287] pgmajfault 0 [ 2570.048611][ T9287] workingset_refault 0 [ 2570.048611][ T9287] workingset_activate 0 [ 2570.048611][ T9287] workingset_nodereclaim 1683 [ 2570.048611][ T9287] pgrefill 57032 [ 2570.048611][ T9287] pgscan 569947 [ 2570.048611][ T9287] pgsteal 197316 [ 2570.048611][ T9287] pgactivate 145167 07:51:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x0, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2570.411302][ T25] audit: type=1804 audit(1572076281.191:177): pid=9319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2315/bus" dev="sda1" ino=16705 res=1 [ 2570.513956][ T25] audit: type=1804 audit(1572076281.221:178): pid=9319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2315/bus" dev="sda1" ino=16705 res=1 [ 2570.557301][ T9287] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9287,uid=0 [ 2570.589621][ T9287] Memory cgroup out of memory: Killed process 9287 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2570.644284][ T1062] oom_reaper: reaped process 9287 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:51:21 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:21 executing program 4: 07:51:21 executing program 0: 07:51:21 executing program 3: 07:51:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x0, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2571.084370][ T25] audit: type=1804 audit(1572076281.861:179): pid=9328 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2316/bus" dev="sda1" ino=16705 res=1 [ 2571.160622][ T25] audit: type=1804 audit(1572076281.901:180): pid=9328 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2316/bus" dev="sda1" ino=16705 res=1 [ 2571.455472][T26081] device bridge_slave_1 left promiscuous mode [ 2571.461832][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2571.496074][T26081] device bridge_slave_0 left promiscuous mode [ 2571.502266][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2572.345470][T26081] device hsr_slave_0 left promiscuous mode [ 2572.385058][T26081] device hsr_slave_1 left promiscuous mode [ 2572.434892][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2572.446256][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2572.457008][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2572.498568][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2572.560673][T26081] bond0 (unregistering): Released all slaves [ 2572.663089][ T9334] IPVS: ftp: loaded support on port[0] = 21 [ 2572.725501][ T9334] chnl_net:caif_netlink_parms(): no params data found [ 2572.795043][ T9334] bridge0: port 1(bridge_slave_0) entered blocking state [ 2572.802181][ T9334] bridge0: port 1(bridge_slave_0) entered disabled state [ 2572.810286][ T9334] device bridge_slave_0 entered promiscuous mode [ 2572.818272][ T9334] bridge0: port 2(bridge_slave_1) entered blocking state [ 2572.825797][ T9334] bridge0: port 2(bridge_slave_1) entered disabled state [ 2572.833875][ T9334] device bridge_slave_1 entered promiscuous mode [ 2572.856887][ T9334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2572.867907][ T9334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2572.891525][ T9334] team0: Port device team_slave_0 added [ 2572.898658][ T9334] team0: Port device team_slave_1 added [ 2572.988104][ T9334] device hsr_slave_0 entered promiscuous mode [ 2573.075422][ T9334] device hsr_slave_1 entered promiscuous mode [ 2573.165329][ T9334] debugfs: Directory 'hsr0' with parent '/' already present! [ 2573.187119][ T9334] bridge0: port 2(bridge_slave_1) entered blocking state [ 2573.194192][ T9334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2573.201534][ T9334] bridge0: port 1(bridge_slave_0) entered blocking state [ 2573.208690][ T9334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2573.262395][ T9334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2573.280988][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2573.289642][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 2573.304009][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 2573.326927][ T9334] 8021q: adding VLAN 0 to HW filter on device team0 [ 2573.344125][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2573.352872][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 2573.359929][ T6155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2573.392473][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2573.401620][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2573.408774][ T6155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2573.419123][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2573.428084][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2573.436961][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2573.449950][ T9334] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2573.461394][ T9334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2573.469981][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2573.479336][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2573.512575][ T9334] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2573.910941][ T9344] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2573.921327][ T9344] CPU: 0 PID: 9344 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2573.929139][ T9344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2573.939175][ T9344] Call Trace: [ 2573.942545][ T9344] dump_stack+0xf5/0x159 [ 2573.946782][ T9344] dump_header+0xaa/0x449 [ 2573.951105][ T9344] oom_kill_process.cold+0x10/0x15 [ 2573.956211][ T9344] out_of_memory+0x231/0xa00 [ 2573.960833][ T9344] ? __tsan_read8+0x2c/0x30 [ 2573.965347][ T9344] ? timer_reduce+0xa4/0x830 [ 2573.969950][ T9344] mem_cgroup_out_of_memory+0x128/0x150 [ 2573.975527][ T9344] memory_max_write+0x17b/0x250 [ 2573.980368][ T9344] cgroup_file_write+0x119/0x320 [ 2573.985298][ T9344] ? high_work_func+0x30/0x30 [ 2573.989966][ T9344] kernfs_fop_write+0x1f4/0x2e0 [ 2573.994802][ T9344] ? cgroup_css.part.0+0x90/0x90 [ 2573.999733][ T9344] __vfs_write+0x67/0xc0 [ 2574.003959][ T9344] ? kernfs_seq_show+0xe0/0xe0 [ 2574.008711][ T9344] vfs_write+0x18a/0x390 [ 2574.012942][ T9344] ksys_write+0xd5/0x1b0 [ 2574.017177][ T9344] __x64_sys_write+0x4c/0x60 [ 2574.021763][ T9344] do_syscall_64+0xcc/0x370 [ 2574.026267][ T9344] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2574.032140][ T9344] RIP: 0033:0x459f39 [ 2574.036044][ T9344] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2574.055634][ T9344] RSP: 002b:00007f8e22c54c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2574.064033][ T9344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2574.071989][ T9344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2574.079946][ T9344] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2574.087935][ T9344] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e22c556d4 [ 2574.095890][ T9344] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2574.107187][ T9344] memory: usage 6828kB, limit 0kB, failcnt 5046 [ 2574.113477][ T9344] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2574.120377][ T9344] Memory cgroup stats for /syz2: [ 2574.120564][ T9344] anon 6463488 [ 2574.120564][ T9344] file 20480 [ 2574.120564][ T9344] kernel_stack 36864 [ 2574.120564][ T9344] slab 241664 [ 2574.120564][ T9344] sock 0 [ 2574.120564][ T9344] shmem 0 [ 2574.120564][ T9344] file_mapped 0 [ 2574.120564][ T9344] file_dirty 0 [ 2574.120564][ T9344] file_writeback 0 [ 2574.120564][ T9344] anon_thp 6291456 [ 2574.120564][ T9344] inactive_anon 135168 [ 2574.120564][ T9344] active_anon 6463488 [ 2574.120564][ T9344] inactive_file 20480 [ 2574.120564][ T9344] active_file 0 [ 2574.120564][ T9344] unevictable 0 [ 2574.120564][ T9344] slab_reclaimable 135168 [ 2574.120564][ T9344] slab_unreclaimable 106496 [ 2574.120564][ T9344] pgfault 110946 [ 2574.120564][ T9344] pgmajfault 0 [ 2574.120564][ T9344] workingset_refault 0 [ 2574.120564][ T9344] workingset_activate 0 [ 2574.120564][ T9344] workingset_nodereclaim 2112 [ 2574.120564][ T9344] pgrefill 86466 [ 2574.120564][ T9344] pgscan 689041 [ 2574.120564][ T9344] pgsteal 217771 [ 2574.214234][ T9344] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9340,uid=0 [ 2574.230241][ T9344] Memory cgroup out of memory: Killed process 9340 (syz-executor.2) total-vm:72852kB, anon-rss:6236kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2574.249512][ T1062] oom_reaper: reaped process 9340 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0x0) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:25 executing program 4: 07:51:25 executing program 3: 07:51:25 executing program 0: 07:51:25 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:25 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2574.332421][ T9334] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2574.355011][ T9334] CPU: 0 PID: 9334 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2574.362972][ T9334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2574.373039][ T9334] Call Trace: [ 2574.376357][ T9334] dump_stack+0xf5/0x159 [ 2574.380629][ T9334] dump_header+0xaa/0x449 [ 2574.385038][ T9334] oom_kill_process.cold+0x10/0x15 [ 2574.390171][ T9334] out_of_memory+0x231/0xa00 [ 2574.394791][ T9334] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2574.400453][ T9334] mem_cgroup_out_of_memory+0x128/0x150 [ 2574.406029][ T9334] try_charge+0xb3a/0xbc0 [ 2574.410384][ T9334] ? rcu_note_context_switch+0x700/0x760 [ 2574.416154][ T9334] mem_cgroup_try_charge+0xd2/0x260 [ 2574.421372][ T9334] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2574.427072][ T9334] __handle_mm_fault+0x179a/0x2cb0 [ 2574.432225][ T9334] handle_mm_fault+0x21b/0x530 [ 2574.437150][ T9334] __do_page_fault+0x3fb/0x9e0 [ 2574.441947][ T9334] do_page_fault+0x54/0x233 [ 2574.446537][ T9334] ? do_syscall_64+0x270/0x370 [ 2574.451321][ T9334] page_fault+0x34/0x40 [ 2574.455484][ T9334] RIP: 0033:0x403a42 [ 2574.459485][ T9334] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 19 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 39 44 05 00 48 07:51:25 executing program 4: [ 2574.479105][ T9334] RSP: 002b:00007ffd42d92ea0 EFLAGS: 00010246 [ 2574.485189][ T9334] RAX: 0000000000000000 RBX: 00000000002745f4 RCX: 00000000004139f0 [ 2574.493181][ T9334] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd42d93fd0 [ 2574.501168][ T9334] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000cec940 [ 2574.509174][ T9334] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd42d93fd0 [ 2574.517155][ T9334] R13: 00007ffd42d93fc0 R14: 0000000000000000 R15: 00007ffd42d93fd0 07:51:25 executing program 3: [ 2574.602888][ T25] audit: type=1804 audit(1572076285.381:181): pid=9352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2317/bus" dev="sda1" ino=16609 res=1 07:51:25 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x2f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3c, &(0x7f00000001c0), &(0x7f0000000200)=0x4) [ 2574.706374][ T25] audit: type=1804 audit(1572076285.381:182): pid=9352 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2317/bus" dev="sda1" ino=16609 res=1 [ 2574.755031][ T9334] memory: usage 368kB, limit 0kB, failcnt 5055 [ 2574.763554][ T9334] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:51:25 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x187001) 07:51:25 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000003c0)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="7e0e4854255ef93f859ae027b6be00521e3b1aad053dc56394b68e3f379155e4e8e1c55fdd08578b959ffa316b5911c963c57f7ed6cfbd6e3d94d577d43fa89ec2c85b9a6c0d8c898e82cd1505e9beb5072b01a7f8523a93073c4b2c90bd4c0e8b3f56b234e9258f0aa0b43c770d31bed5039413baaef523c8ffa41ba313d35c3ed1fdafd729fb75c3f4035feb4d96b326b3eb99073451214500d35b9dd0bf67464a2184d2b1f78c05f312e50182e0", 0xaf}, {&(0x7f0000000000)="387f2e8d6411d1e6baaec345b4b56f44aa", 0x11}], 0x2}], 0x1, 0x0) 07:51:25 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2575.092742][ T9334] Memory cgroup stats for /syz2: [ 2575.093035][ T9334] anon 86016 [ 2575.093035][ T9334] file 20480 [ 2575.093035][ T9334] kernel_stack 0 [ 2575.093035][ T9334] slab 241664 [ 2575.093035][ T9334] sock 0 [ 2575.093035][ T9334] shmem 0 [ 2575.093035][ T9334] file_mapped 0 [ 2575.093035][ T9334] file_dirty 0 [ 2575.093035][ T9334] file_writeback 0 [ 2575.093035][ T9334] anon_thp 0 [ 2575.093035][ T9334] inactive_anon 135168 [ 2575.093035][ T9334] active_anon 86016 [ 2575.093035][ T9334] inactive_file 20480 [ 2575.093035][ T9334] active_file 0 [ 2575.093035][ T9334] unevictable 0 [ 2575.093035][ T9334] slab_reclaimable 135168 [ 2575.093035][ T9334] slab_unreclaimable 106496 [ 2575.093035][ T9334] pgfault 110946 [ 2575.093035][ T9334] pgmajfault 0 [ 2575.093035][ T9334] workingset_refault 0 [ 2575.093035][ T9334] workingset_activate 0 [ 2575.093035][ T9334] workingset_nodereclaim 2112 [ 2575.093035][ T9334] pgrefill 86466 [ 2575.093035][ T9334] pgscan 689041 [ 2575.093035][ T9334] pgsteal 217771 [ 2575.093035][ T9334] pgactivate 193083 [ 2575.241241][ T9334] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9334,uid=0 [ 2575.261261][ T9334] Memory cgroup out of memory: Killed process 9334 (syz-executor.2) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2575.316324][ T1062] oom_reaper: reaped process 9334 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2575.361363][ T25] audit: type=1804 audit(1572076286.141:183): pid=9371 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2318/bus" dev="sda1" ino=16657 res=1 [ 2575.484280][ T25] audit: type=1804 audit(1572076286.201:184): pid=9371 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2318/bus" dev="sda1" ino=16657 res=1 07:51:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:26 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000940)='/dev/net/tun\x00', 0x1c3c01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000940)='/dev/net/tun\x00', 0x1c3c01, 0x0) close(r1) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f00000001c0)={'team_slave_1\x00', @local}) close(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000940)='/dev/net/tun\x00', 0x1c3c01, 0x0) close(r2) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000000)=0x5) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xab1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd6a) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f00000004c0)) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') 07:51:26 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xe0}, [@ldst]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x48) 07:51:26 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x108000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x800002, 0x11, r1, 0x0) readv(r0, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x30e) [ 2576.326149][T26081] device bridge_slave_1 left promiscuous mode [ 2576.332359][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2576.385980][T26081] device bridge_slave_0 left promiscuous mode [ 2576.392194][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2577.245255][T26081] device hsr_slave_0 left promiscuous mode [ 2577.284961][T26081] device hsr_slave_1 left promiscuous mode [ 2577.363440][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2577.374289][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2577.386641][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2577.438701][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2577.520326][T26081] bond0 (unregistering): Released all slaves [ 2577.634400][ T9388] IPVS: ftp: loaded support on port[0] = 21 [ 2577.697963][ T9388] chnl_net:caif_netlink_parms(): no params data found [ 2577.728397][ T9388] bridge0: port 1(bridge_slave_0) entered blocking state [ 2577.735636][ T9388] bridge0: port 1(bridge_slave_0) entered disabled state [ 2577.743456][ T9388] device bridge_slave_0 entered promiscuous mode [ 2577.751134][ T9388] bridge0: port 2(bridge_slave_1) entered blocking state [ 2577.758309][ T9388] bridge0: port 2(bridge_slave_1) entered disabled state [ 2577.766459][ T9388] device bridge_slave_1 entered promiscuous mode [ 2577.838400][ T9388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2577.853533][ T9388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2577.882582][ T9388] team0: Port device team_slave_0 added [ 2577.893192][ T9388] team0: Port device team_slave_1 added [ 2577.978174][ T9388] device hsr_slave_0 entered promiscuous mode [ 2578.015353][ T9388] device hsr_slave_1 entered promiscuous mode [ 2578.054975][ T9388] debugfs: Directory 'hsr0' with parent '/' already present! [ 2578.076802][ T9388] bridge0: port 2(bridge_slave_1) entered blocking state [ 2578.084052][ T9388] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2578.091550][ T9388] bridge0: port 1(bridge_slave_0) entered blocking state [ 2578.098683][ T9388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2578.153056][ T9388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2578.172073][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2578.181751][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2578.195646][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2578.215958][ T9388] 8021q: adding VLAN 0 to HW filter on device team0 [ 2578.232755][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2578.241889][ T9174] bridge0: port 1(bridge_slave_0) entered blocking state [ 2578.249057][ T9174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2578.284646][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2578.293553][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2578.300685][ T6155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2578.317039][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2578.330460][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2578.352132][ T9388] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2578.362622][ T9388] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2578.380390][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2578.389744][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2578.398684][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2578.408331][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2578.425855][ T9388] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2578.808057][ T9396] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2578.820864][ T9396] CPU: 0 PID: 9396 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2578.828747][ T9396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2578.838812][ T9396] Call Trace: [ 2578.842144][ T9396] dump_stack+0xf5/0x159 [ 2578.846407][ T9396] dump_header+0xaa/0x449 [ 2578.850793][ T9396] oom_kill_process.cold+0x10/0x15 [ 2578.855986][ T9396] out_of_memory+0x231/0xa00 [ 2578.860583][ T9396] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2578.866234][ T9396] mem_cgroup_out_of_memory+0x128/0x150 [ 2578.871915][ T9396] try_charge+0xb3a/0xbc0 [ 2578.876261][ T9396] ? rcu_note_context_switch+0x700/0x760 [ 2578.882043][ T9396] mem_cgroup_try_charge+0xd2/0x260 [ 2578.887282][ T9396] __add_to_page_cache_locked+0x163/0x780 [ 2578.893077][ T9396] ? __read_once_size.constprop.0+0x20/0x20 [ 2578.898979][ T9396] add_to_page_cache_lru+0xe2/0x2d0 [ 2578.904193][ T9396] pagecache_get_page+0x2ab/0x760 [ 2578.909235][ T9396] grab_cache_page_write_begin+0x5d/0x90 [ 2578.914881][ T9396] ext4_da_write_begin+0x175/0x7e0 [ 2578.920000][ T9396] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2578.925642][ T9396] generic_perform_write+0x136/0x320 [ 2578.930952][ T9396] __generic_file_write_iter+0x251/0x380 [ 2578.936666][ T9396] ext4_file_write_iter+0x1bd/0xa00 [ 2578.941922][ T9396] new_sync_write+0x388/0x4a0 [ 2578.946617][ T9396] __vfs_write+0xb1/0xc0 [ 2578.950915][ T9396] vfs_write+0x18a/0x390 [ 2578.955168][ T9396] ksys_write+0xd5/0x1b0 [ 2578.959423][ T9396] __x64_sys_write+0x4c/0x60 [ 2578.964065][ T9396] do_syscall_64+0xcc/0x370 [ 2578.968589][ T9396] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2578.974488][ T9396] RIP: 0033:0x459f39 [ 2578.978500][ T9396] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2578.998182][ T9396] RSP: 002b:00007f3d43334c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2579.006605][ T9396] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2579.014585][ T9396] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2579.022569][ T9396] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2579.030551][ T9396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d433356d4 [ 2579.038689][ T9396] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2579.049650][ T9396] memory: usage 4756kB, limit 0kB, failcnt 5461 [ 2579.055996][ T9396] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2579.062872][ T9396] Memory cgroup stats for /syz1: [ 2579.063077][ T9396] anon 4341760 [ 2579.063077][ T9396] file 225280 [ 2579.063077][ T9396] kernel_stack 36864 [ 2579.063077][ T9396] slab 180224 [ 2579.063077][ T9396] sock 0 [ 2579.063077][ T9396] shmem 0 [ 2579.063077][ T9396] file_mapped 0 [ 2579.063077][ T9396] file_dirty 0 [ 2579.063077][ T9396] file_writeback 0 [ 2579.063077][ T9396] anon_thp 4194304 [ 2579.063077][ T9396] inactive_anon 0 [ 2579.063077][ T9396] active_anon 4341760 [ 2579.063077][ T9396] inactive_file 73728 [ 2579.063077][ T9396] active_file 114688 [ 2579.063077][ T9396] unevictable 0 [ 2579.063077][ T9396] slab_reclaimable 135168 [ 2579.063077][ T9396] slab_unreclaimable 45056 [ 2579.063077][ T9396] pgfault 101838 [ 2579.063077][ T9396] pgmajfault 0 [ 2579.063077][ T9396] workingset_refault 0 [ 2579.063077][ T9396] workingset_activate 0 [ 2579.063077][ T9396] workingset_nodereclaim 1683 [ 2579.063077][ T9396] pgrefill 57148 [ 2579.063077][ T9396] pgscan 573102 [ 2579.063077][ T9396] pgsteal 198358 [ 2579.156974][ T9396] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9394,uid=0 [ 2579.175537][ T9396] Memory cgroup out of memory: Killed process 9394 (syz-executor.1) total-vm:72720kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 07:51:30 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:30 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:30 executing program 3: 07:51:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:30 executing program 0: 07:51:30 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x108000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x800002, 0x11, r1, 0x0) readv(r0, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x30e) [ 2579.309355][ T9388] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2579.344972][ T9388] CPU: 1 PID: 9388 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2579.352898][ T9388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2579.362962][ T9388] Call Trace: [ 2579.366355][ T9388] dump_stack+0xf5/0x159 [ 2579.370758][ T9388] dump_header+0xaa/0x449 [ 2579.375125][ T9388] oom_kill_process.cold+0x10/0x15 [ 2579.380278][ T9388] out_of_memory+0x231/0xa00 [ 2579.384932][ T9388] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2579.390667][ T9388] mem_cgroup_out_of_memory+0x128/0x150 [ 2579.396284][ T9388] try_charge+0xb3a/0xbc0 [ 2579.400639][ T9388] ? rcu_note_context_switch+0x700/0x760 [ 2579.406307][ T9388] mem_cgroup_try_charge+0xd2/0x260 [ 2579.411615][ T9388] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2579.417288][ T9388] wp_page_copy+0x322/0x1160 [ 2579.421964][ T9388] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2579.427623][ T9388] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2579.433291][ T9388] do_wp_page+0x192/0x11f0 [ 2579.437721][ T9388] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2579.443414][ T9388] __handle_mm_fault+0x1c07/0x2cb0 [ 2579.448593][ T9388] handle_mm_fault+0x21b/0x530 [ 2579.453389][ T9388] __do_page_fault+0x3fb/0x9e0 [ 2579.458260][ T9388] do_page_fault+0x54/0x233 [ 2579.462787][ T9388] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2579.468527][ T9388] page_fault+0x34/0x40 [ 2579.472690][ T9388] RIP: 0033:0x431016 [ 2579.476691][ T9388] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2579.496317][ T9388] RSP: 002b:00007fffa6618200 EFLAGS: 00010206 [ 2579.502397][ T9388] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2579.510380][ T9388] RDX: 0000000001d7c930 RSI: 0000000001d84970 RDI: 0000000000000003 [ 2579.518384][ T9388] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001d7b940 [ 2579.526373][ T9388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2579.534366][ T9388] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2579.563613][ T25] audit: type=1804 audit(1572076290.341:185): pid=9407 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2319/bus" dev="sda1" ino=16644 res=1 07:51:30 executing program 3: [ 2579.644975][ T25] audit: type=1804 audit(1572076290.341:186): pid=9407 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2319/bus" dev="sda1" ino=16644 res=1 07:51:30 executing program 0: 07:51:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2579.814974][ T9388] memory: usage 364kB, limit 0kB, failcnt 5470 [ 2579.822394][ T9388] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2579.847263][ T9388] Memory cgroup stats for /syz1: [ 2579.847468][ T9388] anon 61440 [ 2579.847468][ T9388] file 225280 [ 2579.847468][ T9388] kernel_stack 0 [ 2579.847468][ T9388] slab 180224 [ 2579.847468][ T9388] sock 0 [ 2579.847468][ T9388] shmem 0 [ 2579.847468][ T9388] file_mapped 0 [ 2579.847468][ T9388] file_dirty 0 [ 2579.847468][ T9388] file_writeback 0 [ 2579.847468][ T9388] anon_thp 0 [ 2579.847468][ T9388] inactive_anon 0 [ 2579.847468][ T9388] active_anon 61440 [ 2579.847468][ T9388] inactive_file 73728 [ 2579.847468][ T9388] active_file 114688 [ 2579.847468][ T9388] unevictable 0 [ 2579.847468][ T9388] slab_reclaimable 135168 [ 2579.847468][ T9388] slab_unreclaimable 45056 [ 2579.847468][ T9388] pgfault 101838 [ 2579.847468][ T9388] pgmajfault 0 [ 2579.847468][ T9388] workingset_refault 0 [ 2579.847468][ T9388] workingset_activate 0 [ 2579.847468][ T9388] workingset_nodereclaim 1683 [ 2579.847468][ T9388] pgrefill 57148 [ 2579.847468][ T9388] pgscan 573102 [ 2579.847468][ T9388] pgsteal 198358 [ 2579.847468][ T9388] pgactivate 145761 07:51:30 executing program 0: 07:51:30 executing program 4: [ 2580.001905][ T25] audit: type=1804 audit(1572076290.781:187): pid=9414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2320/bus" dev="sda1" ino=16625 res=1 07:51:30 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000b00)='/dev/input/event#\x00', 0x4, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) dup2(r1, r0) [ 2580.168718][ T25] audit: type=1804 audit(1572076290.781:188): pid=9414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2320/bus" dev="sda1" ino=16625 res=1 [ 2580.384967][ T9388] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9388,uid=0 [ 2580.517351][ T9388] Memory cgroup out of memory: Killed process 9388 (syz-executor.1) total-vm:72456kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 07:51:31 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2581.085604][T26081] device bridge_slave_1 left promiscuous mode [ 2581.091873][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2581.165953][T26081] device bridge_slave_0 left promiscuous mode [ 2581.172253][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2582.035284][T26081] device hsr_slave_0 left promiscuous mode [ 2582.075056][T26081] device hsr_slave_1 left promiscuous mode [ 2582.132268][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2582.143109][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2582.153983][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2582.189059][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2582.281154][T26081] bond0 (unregistering): Released all slaves [ 2582.374057][ T9426] IPVS: ftp: loaded support on port[0] = 21 [ 2582.437745][ T9426] chnl_net:caif_netlink_parms(): no params data found [ 2582.498628][ T9426] bridge0: port 1(bridge_slave_0) entered blocking state [ 2582.505909][ T9426] bridge0: port 1(bridge_slave_0) entered disabled state [ 2582.513888][ T9426] device bridge_slave_0 entered promiscuous mode [ 2582.526038][ T9426] bridge0: port 2(bridge_slave_1) entered blocking state [ 2582.533175][ T9426] bridge0: port 2(bridge_slave_1) entered disabled state [ 2582.546161][ T9426] device bridge_slave_1 entered promiscuous mode [ 2582.574553][ T9426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2582.590345][ T9426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2582.614445][ T9426] team0: Port device team_slave_0 added [ 2582.621845][ T9426] team0: Port device team_slave_1 added [ 2582.708151][ T9426] device hsr_slave_0 entered promiscuous mode [ 2582.785408][ T9426] device hsr_slave_1 entered promiscuous mode [ 2582.844927][ T9426] debugfs: Directory 'hsr0' with parent '/' already present! [ 2582.866276][ T9426] bridge0: port 2(bridge_slave_1) entered blocking state [ 2582.873418][ T9426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2582.880801][ T9426] bridge0: port 1(bridge_slave_0) entered blocking state [ 2582.887875][ T9426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2582.943110][ T9426] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2582.962369][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2582.971777][ T9174] bridge0: port 1(bridge_slave_0) entered disabled state [ 2582.985613][ T9174] bridge0: port 2(bridge_slave_1) entered disabled state [ 2583.006469][ T9426] 8021q: adding VLAN 0 to HW filter on device team0 [ 2583.019380][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2583.028071][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 2583.035165][ T5750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2583.058126][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2583.067110][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2583.074160][ T6155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2583.089911][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2583.101421][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2583.114139][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2583.126780][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2583.139508][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2583.150066][ T9426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2583.173997][ T9426] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2583.566838][ T9436] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2583.577699][ T9436] CPU: 1 PID: 9436 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2583.585613][ T9436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2583.595664][ T9436] Call Trace: [ 2583.598956][ T9436] dump_stack+0xf5/0x159 [ 2583.603192][ T9436] dump_header+0xaa/0x449 [ 2583.607513][ T9436] oom_kill_process.cold+0x10/0x15 [ 2583.612617][ T9436] out_of_memory+0x231/0xa00 [ 2583.617203][ T9436] mem_cgroup_out_of_memory+0x128/0x150 [ 2583.622769][ T9436] memory_max_write+0x17b/0x250 [ 2583.627676][ T9436] cgroup_file_write+0x119/0x320 [ 2583.632615][ T9436] ? high_work_func+0x30/0x30 [ 2583.637298][ T9436] kernfs_fop_write+0x1f4/0x2e0 [ 2583.642146][ T9436] ? cgroup_css.part.0+0x90/0x90 [ 2583.647103][ T9436] __vfs_write+0x67/0xc0 [ 2583.651351][ T9436] ? kernfs_seq_show+0xe0/0xe0 [ 2583.656114][ T9436] vfs_write+0x18a/0x390 [ 2583.660372][ T9436] ksys_write+0xd5/0x1b0 [ 2583.664622][ T9436] __x64_sys_write+0x4c/0x60 [ 2583.669231][ T9436] do_syscall_64+0xcc/0x370 [ 2583.673731][ T9436] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2583.679634][ T9436] RIP: 0033:0x459f39 [ 2583.683528][ T9436] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2583.703330][ T9436] RSP: 002b:00007fa0fa485c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2583.711741][ T9436] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2583.719706][ T9436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2583.727674][ T9436] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2583.735632][ T9436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0fa4866d4 [ 2583.743588][ T9436] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2583.753388][ T9436] memory: usage 6856kB, limit 0kB, failcnt 5083 [ 2583.760586][ T9436] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2583.767483][ T9436] Memory cgroup stats for /syz2: [ 2583.767667][ T9436] anon 6356992 [ 2583.767667][ T9436] file 98304 [ 2583.767667][ T9436] kernel_stack 73728 [ 2583.767667][ T9436] slab 376832 [ 2583.767667][ T9436] sock 0 [ 2583.767667][ T9436] shmem 0 [ 2583.767667][ T9436] file_mapped 0 [ 2583.767667][ T9436] file_dirty 0 [ 2583.767667][ T9436] file_writeback 0 [ 2583.767667][ T9436] anon_thp 6291456 [ 2583.767667][ T9436] inactive_anon 135168 [ 2583.767667][ T9436] active_anon 6356992 [ 2583.767667][ T9436] inactive_file 98304 [ 2583.767667][ T9436] active_file 16384 [ 2583.767667][ T9436] unevictable 0 [ 2583.767667][ T9436] slab_reclaimable 270336 [ 2583.767667][ T9436] slab_unreclaimable 106496 [ 2583.767667][ T9436] pgfault 111012 [ 2583.767667][ T9436] pgmajfault 0 [ 2583.767667][ T9436] workingset_refault 0 [ 2583.767667][ T9436] workingset_activate 0 [ 2583.767667][ T9436] workingset_nodereclaim 2112 [ 2583.767667][ T9436] pgrefill 87663 [ 2583.767667][ T9436] pgscan 693971 [ 2583.767667][ T9436] pgsteal 219643 [ 2583.861210][ T9436] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9432,uid=0 [ 2583.877193][ T9436] Memory cgroup out of memory: Killed process 9432 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2583.897745][ T1062] oom_reaper: reaped process 9432 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:34 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:34 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f00000006c0)={0xffffffffffffffff}) getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, 0x0, &(0x7f00000008c0)) ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) io_setup(0x0, 0x0) io_submit(0x0, 0x1, &(0x7f0000000540)=[0x0]) r5 = getpid() rt_tgsigqueueinfo(r5, r5, 0x16, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r7 = accept$alg(r6, 0x0, 0x0) sendmmsg(r7, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0, {0xa, 0x4e23, 0x3, @mcast1}}}, 0x1d, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000180)="f6685cd0fa8a45e4af93847b2f769b459c085235b59d95e3abae492b52be20224bbaeff5679d18ca94a8601d7f5c39ce5a3e97212cc16d0dc76304bcb3208483a156649399620748bd19df0c1caa769079b7570a4acf4ec45b37601e75b44083f9a0038eda1ea70461d0ff27e9d3d3b6b5782a35416783337b86bd6ff248bcebf1003e8cf38e8190d92e53bad534c734cb11de108c12942bd6516c289611bc871e79ebc6b0c513cbb3ef58c7fadeee"}, {&(0x7f00000000c0)="2af39c64d8447d7a709d90b34de573a74dbd7aeb9d02430aa4b9340bf2f868554ba1b9ac70558b0a504869ea55b5fdf0ed4586aad37a60213747044c960ea0f8c083905692b49839bd34eb"}, {&(0x7f00000002c0)="c26c7768a16938e1d14764686c547a1913156125324479764f11c13f3fbd77dbaff8f2fc12b4a554a86c57657060c6cc6f86f18e9aac48d60ac7aa6726adb3c686dde32c120168aaf08697b87aef168d7e619ceacc60f7709d2163"}, {&(0x7f0000000340)="a0d282770dc4f13083da697ff6c4e520d33268f369b0860d33f9930a16c5882e5d88545039e31c310aada06787b720af363cdac2026186ffedc50b20c332d98d868a43a9f976cfc18caf30651c84bebb106ba3105566af4906d3abc1997e7944bdc15ebe57885c795025fef05d224ef8fc49dcd3b70bde1065001c1627307f0a6888749dd01faef3c9c292022de3baf7138d063d53772321c0"}, {&(0x7f0000000400)="18eca0106e18321d2c5d01dc369acfd6475bf9c5292f5c32b0ca3ac0980be6239c4902b2407dd319c64188376e19687b3113c68337445ae9b6f2efbc5e680a5d35a8a16e3c848d93017f1777a4add8ff881fb9fec88fb701df106a6e9abd646fd2158f909e0cf6da3297741145a604219d926162de3ddbd4adc36187132e88b2aa498305421eed57e8d14e9ed7c8a1"}, {&(0x7f00000004c0)="21c2fcb8c6ec7266a5893ed211a5243bd8a533d8923e559cc38e47aadeeb2ddfdd501dff419bb343461e86e8e791849239fe3e0a0ba79e3084574d68a4abe883514dfb733988f398efdfaccbacbc5f506a0ae4ed491b5faa9a5fa03e2f6fd1fd64473e349a53ae5c31421ea013ff2bc4f4777f3206f203033d36ed7478fb5712cb8e48d3635d11c8c2da20b4144073d80f47aa9dd6aa"}, {&(0x7f0000000580)="d7c3dc168addd055f4aba8d31fbb80eef98cfa24b9c49afe1b383434472f3d9dc337bf8a41a43af4387ddc7d4d1792d5a92b3ce696337383ec598afb2e69807aa2506b04c8d73e6a0aa9b22258ff65dbed8794b8c561dc50d93e8e35cdd1bf7707dcbc9be0181ba949d1b2a5dee5837e9674e2904c5a4e44d5888295a91884670d332f58a85e9e2aee33b13a2f2822fdbbfee5cc41d6f3787e22a0774e5fa574c9f9f067de5569b20c31a7fd7558243db750e072ba70"}], 0x0, &(0x7f0000007b00)}}], 0x342, 0x82) open_by_handle_at(r7, &(0x7f00000001c0)={0xb, 0x0, 'R?U'}, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) accept$alg(r8, 0x0, 0x0) dup2(r7, 0xffffffffffffffff) 07:51:34 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) 07:51:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x0) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 07:51:34 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2584.004759][ T9426] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2584.032263][ T9426] CPU: 0 PID: 9426 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2584.040140][ T9426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2584.046341][ T25] audit: type=1804 audit(1572076294.831:189): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2321/bus" dev="sda1" ino=16563 res=1 [ 2584.050205][ T9426] Call Trace: [ 2584.050405][ T9426] dump_stack+0xf5/0x159 [ 2584.082386][ T9426] dump_header+0xaa/0x449 [ 2584.086806][ T9426] oom_kill_process.cold+0x10/0x15 [ 2584.091977][ T9426] out_of_memory+0x231/0xa00 [ 2584.096590][ T9426] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2584.102266][ T9426] mem_cgroup_out_of_memory+0x128/0x150 [ 2584.107851][ T9426] try_charge+0xb3a/0xbc0 [ 2584.112234][ T9426] ? rcu_note_context_switch+0x700/0x760 [ 2584.117896][ T9426] mem_cgroup_try_charge+0xd2/0x260 [ 2584.123185][ T9426] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2584.123983][ T25] audit: type=1804 audit(1572076294.861:190): pid=9438 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2321/bus" dev="sda1" ino=16563 res=1 [ 2584.128848][ T9426] wp_page_copy+0x322/0x1160 [ 2584.128872][ T9426] ? __udelay+0x10/0x20 [ 2584.128917][ T9426] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2584.167363][ T9426] do_wp_page+0x192/0x11f0 [ 2584.171871][ T9426] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2584.177575][ T9426] __handle_mm_fault+0x1c07/0x2cb0 [ 2584.182734][ T9426] handle_mm_fault+0x21b/0x530 [ 2584.187538][ T9426] __do_page_fault+0x3fb/0x9e0 [ 2584.192386][ T9426] do_page_fault+0x54/0x233 [ 2584.196952][ T9426] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2584.202767][ T9426] page_fault+0x34/0x40 [ 2584.206965][ T9426] RIP: 0033:0x431016 [ 2584.210890][ T9426] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2584.230519][ T9426] RSP: 002b:00007ffe1bc970e0 EFLAGS: 00010206 [ 2584.236612][ T9426] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2584.244607][ T9426] RDX: 0000000001d79930 RSI: 0000000001d81970 RDI: 0000000000000003 07:51:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2584.252597][ T9426] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001d78940 [ 2584.260585][ T9426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2584.268654][ T9426] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2584.314997][ T9426] memory: usage 400kB, limit 0kB, failcnt 5092 [ 2584.321309][ T9426] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2584.333475][ T9426] Memory cgroup stats for /syz2: [ 2584.333745][ T9426] anon 0 [ 2584.333745][ T9426] file 98304 [ 2584.333745][ T9426] kernel_stack 36864 [ 2584.333745][ T9426] slab 376832 [ 2584.333745][ T9426] sock 0 [ 2584.333745][ T9426] shmem 0 [ 2584.333745][ T9426] file_mapped 0 [ 2584.333745][ T9426] file_dirty 0 [ 2584.333745][ T9426] file_writeback 0 [ 2584.333745][ T9426] anon_thp 0 [ 2584.333745][ T9426] inactive_anon 135168 [ 2584.333745][ T9426] active_anon 0 [ 2584.333745][ T9426] inactive_file 98304 [ 2584.333745][ T9426] active_file 16384 [ 2584.333745][ T9426] unevictable 0 [ 2584.333745][ T9426] slab_reclaimable 270336 [ 2584.333745][ T9426] slab_unreclaimable 106496 [ 2584.333745][ T9426] pgfault 111012 [ 2584.333745][ T9426] pgmajfault 0 [ 2584.333745][ T9426] workingset_refault 0 [ 2584.333745][ T9426] workingset_activate 0 [ 2584.333745][ T9426] workingset_nodereclaim 2145 [ 2584.333745][ T9426] pgrefill 87663 [ 2584.333745][ T9426] pgscan 693971 [ 2584.333745][ T9426] pgsteal 219643 [ 2584.333745][ T9426] pgactivate 195261 [ 2584.563754][ T25] audit: type=1804 audit(1572076295.341:191): pid=9452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2322/bus" dev="sda1" ino=16801 res=1 [ 2584.651810][ T25] audit: type=1804 audit(1572076295.341:192): pid=9452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2322/bus" dev="sda1" ino=16801 res=1 07:51:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, 0x0, 0x0) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2584.834008][ T9426] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9426,uid=0 07:51:35 executing program 4: creat(&(0x7f00000013c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200029651, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 07:51:35 executing program 3: syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000040)) socketpair(0x0, 0x0, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000180)) socket(0x11, 0x80a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 07:51:35 executing program 0: [ 2585.107653][ T25] audit: type=1804 audit(1572076295.891:193): pid=9459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2323/bus" dev="sda1" ino=16753 res=1 [ 2585.232033][ T25] audit: type=1804 audit(1572076295.931:194): pid=9459 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2323/bus" dev="sda1" ino=16753 res=1 07:51:36 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003400000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe000000008500000026000000b700000000002100950000000000000055a5d62ea931b3963aeb81b01f34f51b86877d0cf07f92ceda9968cc7dcebb5129514ade975d251741357f97aa393cca4193123ed1b298eac97ffcf5331222e4e9a2298ebd6166208dc6cf51dc49c2d29c95dc0ab1db4e928e13759cf12ed63e87695da67646a1eeb1862336d80b4f740854c2bd00655144fc1436b1b3b68682ad104efad8c5464f95f7694c543d9dbe170d517a75ee7ae715644bb43da0a024559499a2e635a71500cdf209974dceb0505462bd2afc22f1be89822e2f55bfff0c454f5cc272123df59bd52067e4591e7648bb42ae007d9e35d02871bc0ac37c5fe628041f2c2a71fea706e0107ddfb8ce0931a42c0aa0651167e6404138ede9213c4a4df03539a38e3f57d6ae1b49948986221f38a4811c5b11544d146300"/410], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000ac0)={r0, 0x0, 0x39a, 0x0, &(0x7f00000005c0)="3104e4a5a2886aa1a30600008e00", 0x0, 0x103}, 0x28) [ 2585.423908][ T9426] Memory cgroup out of memory: Killed process 9426 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2585.523067][ T1062] oom_reaper: reaped process 9426 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:51:36 executing program 4: creat(&(0x7f00000013c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200029651, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 07:51:36 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, 0x0, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast1, @local}, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x2, 0x4e24, @multicast1}, 0x10) 07:51:36 executing program 3: syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000040)) socketpair(0x0, 0x0, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000180)) socket(0x11, 0x80a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 07:51:36 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, 0x0, 0x0) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2585.959736][ T25] audit: type=1804 audit(1572076296.741:195): pid=9477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2324/bus" dev="sda1" ino=16627 res=1 [ 2586.006747][ T25] audit: type=1804 audit(1572076296.741:196): pid=9477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2324/bus" dev="sda1" ino=16627 res=1 [ 2586.395750][T26081] device bridge_slave_1 left promiscuous mode [ 2586.402021][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2586.465648][T26081] device bridge_slave_0 left promiscuous mode [ 2586.472002][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2587.345269][T26081] device hsr_slave_0 left promiscuous mode [ 2587.405042][T26081] device hsr_slave_1 left promiscuous mode [ 2587.453282][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2587.463871][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2587.474313][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2587.530129][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2587.611826][T26081] bond0 (unregistering): Released all slaves [ 2587.732842][ T9492] IPVS: ftp: loaded support on port[0] = 21 [ 2587.797096][ T9492] chnl_net:caif_netlink_parms(): no params data found [ 2587.828046][ T9492] bridge0: port 1(bridge_slave_0) entered blocking state [ 2587.835369][ T9492] bridge0: port 1(bridge_slave_0) entered disabled state [ 2587.843127][ T9492] device bridge_slave_0 entered promiscuous mode [ 2587.850841][ T9492] bridge0: port 2(bridge_slave_1) entered blocking state [ 2587.858091][ T9492] bridge0: port 2(bridge_slave_1) entered disabled state [ 2587.866216][ T9492] device bridge_slave_1 entered promiscuous mode [ 2587.944668][ T9492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2587.960299][ T9492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2587.990239][ T9492] team0: Port device team_slave_0 added [ 2588.001143][ T9492] team0: Port device team_slave_1 added [ 2588.078105][ T9492] device hsr_slave_0 entered promiscuous mode [ 2588.115398][ T9492] device hsr_slave_1 entered promiscuous mode [ 2588.155020][ T9492] debugfs: Directory 'hsr0' with parent '/' already present! [ 2588.176170][ T9492] bridge0: port 2(bridge_slave_1) entered blocking state [ 2588.183312][ T9492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2588.190715][ T9492] bridge0: port 1(bridge_slave_0) entered blocking state [ 2588.197803][ T9492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2588.251934][ T9492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2588.265776][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2588.280039][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 2588.288891][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 2588.309092][ T9492] 8021q: adding VLAN 0 to HW filter on device team0 [ 2588.326233][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2588.334635][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 2588.341705][ T6155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2588.371778][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2588.381504][ T9174] bridge0: port 2(bridge_slave_1) entered blocking state [ 2588.388582][ T9174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2588.404189][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2588.421786][ T9492] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2588.438096][ T9492] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2588.454430][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2588.468664][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2588.481321][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2588.492849][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2588.512585][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2588.522344][ T9492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2588.998302][ T9502] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2589.015562][ T9502] CPU: 0 PID: 9502 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2589.023489][ T9502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2589.033558][ T9502] Call Trace: [ 2589.036847][ T9502] dump_stack+0xf5/0x159 [ 2589.041128][ T9502] dump_header+0xaa/0x449 [ 2589.045526][ T9502] oom_kill_process.cold+0x10/0x15 [ 2589.050666][ T9502] out_of_memory+0x231/0xa00 [ 2589.055292][ T9502] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2589.060974][ T9502] mem_cgroup_out_of_memory+0x128/0x150 [ 2589.066580][ T9502] try_charge+0xb3a/0xbc0 [ 2589.070904][ T9502] ? rcu_note_context_switch+0x700/0x760 [ 2589.076532][ T9502] mem_cgroup_try_charge+0xd2/0x260 [ 2589.081825][ T9502] __add_to_page_cache_locked+0x163/0x780 [ 2589.087617][ T9502] ? __read_once_size.constprop.0+0x20/0x20 [ 2589.093534][ T9502] add_to_page_cache_lru+0xe2/0x2d0 [ 2589.098731][ T9502] pagecache_get_page+0x2ab/0x760 [ 2589.103884][ T9502] grab_cache_page_write_begin+0x5d/0x90 [ 2589.109507][ T9502] ext4_da_write_begin+0x175/0x7e0 [ 2589.114662][ T9502] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2589.120286][ T9502] generic_perform_write+0x136/0x320 [ 2589.125611][ T9502] __generic_file_write_iter+0x251/0x380 [ 2589.131238][ T9502] ext4_file_write_iter+0x1bd/0xa00 [ 2589.136522][ T9502] new_sync_write+0x388/0x4a0 [ 2589.141249][ T9502] __vfs_write+0xb1/0xc0 [ 2589.145498][ T9502] vfs_write+0x18a/0x390 [ 2589.149827][ T9502] ksys_write+0xd5/0x1b0 [ 2589.154080][ T9502] __x64_sys_write+0x4c/0x60 [ 2589.158760][ T9502] do_syscall_64+0xcc/0x370 [ 2589.163352][ T9502] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2589.169261][ T9502] RIP: 0033:0x459f39 [ 2589.173176][ T9502] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2589.192789][ T9502] RSP: 002b:00007f1e6e208c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2589.201190][ T9502] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2589.209237][ T9502] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2589.217205][ T9502] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2589.225230][ T9502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e6e2096d4 [ 2589.233293][ T9502] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2589.241888][ T9502] memory: usage 4756kB, limit 0kB, failcnt 5500 [ 2589.248229][ T9502] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2589.255128][ T9502] Memory cgroup stats for /syz1: [ 2589.255337][ T9502] anon 4313088 [ 2589.255337][ T9502] file 147456 [ 2589.255337][ T9502] kernel_stack 36864 [ 2589.255337][ T9502] slab 180224 [ 2589.255337][ T9502] sock 0 [ 2589.255337][ T9502] shmem 0 [ 2589.255337][ T9502] file_mapped 0 [ 2589.255337][ T9502] file_dirty 0 [ 2589.255337][ T9502] file_writeback 0 [ 2589.255337][ T9502] anon_thp 4194304 [ 2589.255337][ T9502] inactive_anon 0 [ 2589.255337][ T9502] active_anon 4313088 [ 2589.255337][ T9502] inactive_file 151552 [ 2589.255337][ T9502] active_file 114688 [ 2589.255337][ T9502] unevictable 0 [ 2589.255337][ T9502] slab_reclaimable 135168 [ 2589.255337][ T9502] slab_unreclaimable 45056 [ 2589.255337][ T9502] pgfault 101904 [ 2589.255337][ T9502] pgmajfault 0 [ 2589.255337][ T9502] workingset_refault 0 [ 2589.255337][ T9502] workingset_activate 0 [ 2589.255337][ T9502] workingset_nodereclaim 1683 [ 2589.255337][ T9502] pgrefill 57182 [ 2589.255337][ T9502] pgscan 576866 [ 2589.255337][ T9502] pgsteal 199932 [ 2589.348637][ T9502] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9501,uid=0 [ 2589.364137][ T9502] Memory cgroup out of memory: Killed process 9501 (syz-executor.1) total-vm:72720kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2589.384255][ T1062] oom_reaper: reaped process 9501 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:40 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:40 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, 0x0, 0x0) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:40 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0xb4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = dup(r0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000a00000000000000ff0200000000000000000000000000010000000000a58440d87a707916000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000e24f37e700000000000000000000000000000000000100"/124], 0x90) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) 07:51:40 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, 0x0, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:40 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = open(0x0, 0x10000, 0x8) pipe(&(0x7f0000000300)={0xffffffffffffffff}) getsockopt$inet_udp_int(r1, 0x11, 0x0, 0x0, 0x0) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) accept4$packet(r0, 0x0, 0x0, 0x80000) ustat(0x6, &(0x7f0000000040)) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0xfffffffffffffe12) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000480)='/dev/full\x00', 0x0, 0x0) ioctl$KDSIGACCEPT(r5, 0x4b4e, 0x6) ioctl$sock_ifreq(0xffffffffffffffff, 0x19bbd, 0x0) epoll_ctl$EPOLL_CTL_DEL(r5, 0x2, 0xffffffffffffffff) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) prctl$PR_GET_THP_DISABLE(0x2a) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f00000001c0), 0xfffffef3) ioctl$TIOCSSOFTCAR(r6, 0x541a, &(0x7f0000000140)=0xf2) bind$inet(r4, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r7, 0x0, 0x0) ioctl$UI_DEV_SETUP(r7, 0x5501, 0x0) readv(r7, &(0x7f0000000080)=[{&(0x7f0000000180)=""/241, 0x10}], 0x20000000000002f4) write$uinput_user_dev(r7, &(0x7f0000000880)={'syz1\x00\x00\x00\x00\x04\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x6, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x45c) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000001840)=ANY=[@ANYRES64=r7], 0x1) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) clone(0x0, &(0x7f0000000140), &(0x7f00000001c0), &(0x7f0000001400), 0x0) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4) connect$unix(r3, 0x0, 0x0) write$binfmt_elf64(r4, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) shutdown(r4, 0x1) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) recvmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa4756f}, 0x100) write(r3, &(0x7f00000001c0), 0xfffffef3) read(r2, &(0x7f0000000200)=""/250, 0xfffffffffffffee3) 07:51:40 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f00000004c0), 0x400000000000251, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x1000000000004e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 2589.495432][ T9492] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2589.522812][ T9492] CPU: 0 PID: 9492 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2589.530764][ T9492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2589.541179][ T9492] Call Trace: [ 2589.542775][ T25] audit: type=1804 audit(1572076300.321:197): pid=9505 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2325/bus" dev="sda1" ino=16644 res=1 [ 2589.544517][ T9492] dump_stack+0xf5/0x159 [ 2589.544556][ T9492] dump_header+0xaa/0x449 [ 2589.544602][ T9492] oom_kill_process.cold+0x10/0x15 [ 2589.582736][ T9492] out_of_memory+0x231/0xa00 [ 2589.587371][ T9492] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2589.593052][ T9492] mem_cgroup_out_of_memory+0x128/0x150 [ 2589.598640][ T9492] try_charge+0xb3a/0xbc0 [ 2589.603020][ T9492] ? rcu_note_context_switch+0x700/0x760 [ 2589.608747][ T9492] mem_cgroup_try_charge+0xd2/0x260 [ 2589.613978][ T9492] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2589.615317][ T25] audit: type=1804 audit(1572076300.361:198): pid=9505 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2325/bus" dev="sda1" ino=16644 res=1 [ 2589.619781][ T9492] wp_page_copy+0x322/0x1160 [ 2589.619822][ T9492] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2589.653987][ T9492] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2589.659652][ T9492] do_wp_page+0x192/0x11f0 [ 2589.664150][ T9492] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2589.669809][ T9492] __handle_mm_fault+0x1c07/0x2cb0 [ 2589.674980][ T9492] handle_mm_fault+0x21b/0x530 [ 2589.679779][ T9492] __do_page_fault+0x3fb/0x9e0 [ 2589.684645][ T9492] do_page_fault+0x54/0x233 [ 2589.689229][ T9492] ? prepare_exit_to_usermode+0x154/0x1a0 07:51:40 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(0xffffffffffffffff) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2589.694977][ T9492] page_fault+0x34/0x40 [ 2589.699145][ T9492] RIP: 0033:0x431016 [ 2589.703073][ T9492] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2589.722695][ T9492] RSP: 002b:00007ffecdb76160 EFLAGS: 00010206 [ 2589.728888][ T9492] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2589.736875][ T9492] RDX: 0000000001eca930 RSI: 0000000001ed2970 RDI: 0000000000000003 [ 2589.744864][ T9492] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001ec9940 [ 2589.752902][ T9492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2589.760911][ T9492] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2589.826597][ T9525] ptrace attach of "/root/syz-executor.4"[9521] was attempted by "/root/syz-executor.4"[9525] [ 2589.885695][ T25] audit: type=1804 audit(1572076300.671:199): pid=9524 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2326/bus" dev="sda1" ino=16644 res=1 [ 2589.938329][ T25] audit: type=1804 audit(1572076300.701:200): pid=9526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2326/bus" dev="sda1" ino=16644 res=1 07:51:40 executing program 4: [ 2590.009815][ T9492] memory: usage 368kB, limit 0kB, failcnt 5515 [ 2590.031509][ T9492] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2590.063979][ T9492] Memory cgroup stats for /syz1: [ 2590.064451][ T9492] anon 40960 [ 2590.064451][ T9492] file 147456 [ 2590.064451][ T9492] kernel_stack 0 [ 2590.064451][ T9492] slab 180224 [ 2590.064451][ T9492] sock 0 [ 2590.064451][ T9492] shmem 0 [ 2590.064451][ T9492] file_mapped 0 [ 2590.064451][ T9492] file_dirty 0 [ 2590.064451][ T9492] file_writeback 0 [ 2590.064451][ T9492] anon_thp 0 [ 2590.064451][ T9492] inactive_anon 0 [ 2590.064451][ T9492] active_anon 40960 [ 2590.064451][ T9492] inactive_file 151552 07:51:40 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(0xffffffffffffffff) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2590.064451][ T9492] active_file 114688 [ 2590.064451][ T9492] unevictable 0 [ 2590.064451][ T9492] slab_reclaimable 135168 [ 2590.064451][ T9492] slab_unreclaimable 45056 [ 2590.064451][ T9492] pgfault 101937 [ 2590.064451][ T9492] pgmajfault 0 [ 2590.064451][ T9492] workingset_refault 0 [ 2590.064451][ T9492] workingset_activate 0 [ 2590.064451][ T9492] workingset_nodereclaim 1683 [ 2590.064451][ T9492] pgrefill 57182 [ 2590.064451][ T9492] pgscan 576866 [ 2590.064451][ T9492] pgsteal 199932 [ 2590.064451][ T9492] pgactivate 146454 07:51:41 executing program 4: [ 2590.273448][ T9492] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9492,uid=0 [ 2590.301286][ T9492] Memory cgroup out of memory: Killed process 9492 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2590.314200][ T25] audit: type=1804 audit(1572076301.091:201): pid=9532 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2327/bus" dev="sda1" ino=16634 res=1 [ 2590.363043][ T1062] oom_reaper: reaped process 9492 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2590.461373][ T25] audit: type=1804 audit(1572076301.161:202): pid=9536 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2327/bus" dev="sda1" ino=16634 res=1 07:51:41 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001400)=ANY=[@ANYBLOB="d3d2b93c38f19c0400cd8034"], 0xc}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="ea0000008000000000cbc624877c8252c28f5e87a64820546a1ebe1f6adb3b91e7f1ffd7e4ab569f8eb9808e0b61a0bf7a301ffe8dac0773d9e5411b2b25f3fbc7cf9482c1f0d81a590ed76f2c4af37b968e2f3323d61ca62ef8d48f42ffd913acf060c10300000882fc399eaab8787f0dd1510490b0f420326bcc4e2b65e7c68bacee7877a6274d908e5a5d512b87ed3eb24d00d331edbedf8a03a722ffa87cc2dfec4758b087c23cc9c50100fea942494855d4bd5e134ea09f5ff4e50fcdfd6dd69127a2525f98d187069e1bb0ae3723ecfd2c0dec1629f66d1a941a280257a4f558c01e6b2fe7d18bfb59b210d5547065e1575c4de365", @ANYPTR64, @ANYRESOCT, @ANYRESOCT], 0x0, 0x12e}, 0x20) tkill(r0, 0x39) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:51:41 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ppoll(&(0x7f0000000100)=[{r0}], 0x1, &(0x7f0000000180)={0x0, 0x989680}, 0x0, 0x0) 07:51:41 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:41 executing program 4: socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) lremovexattr(&(0x7f0000000040)='./file0\x00', 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x0, 0x0, 0x0) splice(r2, 0x0, r1, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) finit_module(r0, &(0x7f0000000100)='\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x4001ff) ioctl$RTC_AIE_ON(r4, 0x7001) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) 07:51:41 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(0xffffffffffffffff) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2591.026576][ T25] audit: type=1804 audit(1572076301.811:203): pid=9552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2328/bus" dev="sda1" ino=16673 res=1 [ 2591.081710][ T25] audit: type=1804 audit(1572076301.841:204): pid=9552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2328/bus" dev="sda1" ino=16673 res=1 [ 2591.515570][T26081] device bridge_slave_1 left promiscuous mode [ 2591.522582][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2591.565954][T26081] device bridge_slave_0 left promiscuous mode [ 2591.572187][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2592.425233][T26081] device hsr_slave_0 left promiscuous mode [ 2592.475071][T26081] device hsr_slave_1 left promiscuous mode [ 2592.542362][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2592.554466][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2592.565267][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2592.610518][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2592.680795][T26081] bond0 (unregistering): Released all slaves [ 2592.764470][ T9560] IPVS: ftp: loaded support on port[0] = 21 [ 2592.827052][ T9560] chnl_net:caif_netlink_parms(): no params data found [ 2592.859422][ T9560] bridge0: port 1(bridge_slave_0) entered blocking state [ 2592.866746][ T9560] bridge0: port 1(bridge_slave_0) entered disabled state [ 2592.874479][ T9560] device bridge_slave_0 entered promiscuous mode [ 2592.882332][ T9560] bridge0: port 2(bridge_slave_1) entered blocking state [ 2592.889890][ T9560] bridge0: port 2(bridge_slave_1) entered disabled state [ 2592.898137][ T9560] device bridge_slave_1 entered promiscuous mode [ 2592.916524][ T9560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2592.927695][ T9560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2592.986527][ T9560] team0: Port device team_slave_0 added [ 2592.993679][ T9560] team0: Port device team_slave_1 added [ 2593.072846][ T9560] device hsr_slave_0 entered promiscuous mode [ 2593.125238][ T9560] device hsr_slave_1 entered promiscuous mode [ 2593.164944][ T9560] debugfs: Directory 'hsr0' with parent '/' already present! [ 2593.182729][ T9560] bridge0: port 2(bridge_slave_1) entered blocking state [ 2593.189843][ T9560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2593.197186][ T9560] bridge0: port 1(bridge_slave_0) entered blocking state [ 2593.204296][ T9560] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2593.269687][ T9560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2593.289925][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2593.304557][T26241] bridge0: port 1(bridge_slave_0) entered disabled state [ 2593.316149][T26241] bridge0: port 2(bridge_slave_1) entered disabled state [ 2593.337315][ T9560] 8021q: adding VLAN 0 to HW filter on device team0 [ 2593.350704][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2593.363807][T26241] bridge0: port 1(bridge_slave_0) entered blocking state [ 2593.370926][T26241] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2593.403918][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2593.412904][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2593.419985][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2593.435464][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2593.453726][ T9560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2593.470363][ T9560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2593.483746][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2593.497434][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2593.510509][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2593.520626][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2593.545507][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2593.557252][ T9560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2593.932874][ T9570] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2593.943149][ T9570] CPU: 0 PID: 9570 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2593.950951][ T9570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2593.960995][ T9570] Call Trace: [ 2593.964295][ T9570] dump_stack+0xf5/0x159 [ 2593.968531][ T9570] dump_header+0xaa/0x449 [ 2593.972868][ T9570] oom_kill_process.cold+0x10/0x15 [ 2593.977978][ T9570] out_of_memory+0x231/0xa00 [ 2593.982566][ T9570] mem_cgroup_out_of_memory+0x128/0x150 [ 2593.988132][ T9570] memory_max_write+0x17b/0x250 [ 2593.993009][ T9570] cgroup_file_write+0x119/0x320 [ 2593.997964][ T9570] ? high_work_func+0x30/0x30 [ 2594.002665][ T9570] kernfs_fop_write+0x1f4/0x2e0 [ 2594.007527][ T9570] ? cgroup_css.part.0+0x90/0x90 [ 2594.012488][ T9570] __vfs_write+0x67/0xc0 [ 2594.016753][ T9570] ? kernfs_seq_show+0xe0/0xe0 [ 2594.021540][ T9570] vfs_write+0x18a/0x390 [ 2594.025813][ T9570] ksys_write+0xd5/0x1b0 [ 2594.030072][ T9570] __x64_sys_write+0x4c/0x60 [ 2594.034685][ T9570] do_syscall_64+0xcc/0x370 [ 2594.039209][ T9570] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2594.045111][ T9570] RIP: 0033:0x459f39 [ 2594.049029][ T9570] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2594.068651][ T9570] RSP: 002b:00007fd0f8ac0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2594.077086][ T9570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2594.085069][ T9570] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2594.093045][ T9570] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2594.101023][ T9570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0f8ac16d4 [ 2594.108999][ T9570] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2594.120622][ T9570] memory: usage 6816kB, limit 0kB, failcnt 5115 [ 2594.126959][ T9570] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2594.133798][ T9570] Memory cgroup stats for /syz2: [ 2594.134005][ T9570] anon 6459392 [ 2594.134005][ T9570] file 4096 [ 2594.134005][ T9570] kernel_stack 36864 [ 2594.134005][ T9570] slab 376832 [ 2594.134005][ T9570] sock 0 [ 2594.134005][ T9570] shmem 0 [ 2594.134005][ T9570] file_mapped 0 [ 2594.134005][ T9570] file_dirty 0 [ 2594.134005][ T9570] file_writeback 0 [ 2594.134005][ T9570] anon_thp 6291456 [ 2594.134005][ T9570] inactive_anon 135168 [ 2594.134005][ T9570] active_anon 6459392 [ 2594.134005][ T9570] inactive_file 106496 [ 2594.134005][ T9570] active_file 16384 [ 2594.134005][ T9570] unevictable 0 [ 2594.134005][ T9570] slab_reclaimable 270336 [ 2594.134005][ T9570] slab_unreclaimable 106496 [ 2594.134005][ T9570] pgfault 111111 [ 2594.134005][ T9570] pgmajfault 0 [ 2594.134005][ T9570] workingset_refault 0 [ 2594.134005][ T9570] workingset_activate 0 [ 2594.134005][ T9570] workingset_nodereclaim 2145 [ 2594.134005][ T9570] pgrefill 87729 [ 2594.134005][ T9570] pgscan 697571 [ 2594.134005][ T9570] pgsteal 221329 [ 2594.227670][ T9570] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9566,uid=0 [ 2594.244403][ T9570] Memory cgroup out of memory: Killed process 9566 (syz-executor.2) total-vm:72852kB, anon-rss:6244kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2594.263940][ T1062] oom_reaper: reaped process 9566 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:45 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, 0x0, 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:45 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:45 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001400)=ANY=[@ANYBLOB="d3d2b93c38f19c0400cd8034"], 0xc}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="ea0000008000000000cbc624877c8252c28f5e87a64820546a1ebe1f6adb3b91e7f1ffd7e4ab569f8eb9808e0b61a0bf7a301ffe8dac0773d9e5411b2b25f3fbc7cf9482c1f0d81a590ed76f2c4af37b968e2f3323d61ca62ef8d48f42ffd913acf060c10300000882fc399eaab8787f0dd1510490b0f420326bcc4e2b65e7c68bacee7877a6274d908e5a5d512b87ed3eb24d00d331", @ANYRES16=0x0, @ANYPTR64, @ANYRESDEC], 0x0, 0xb4}, 0x20) tkill(r0, 0x39) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:51:45 executing program 3: 07:51:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(0x0, 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:45 executing program 4: [ 2594.344440][ T9560] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2594.400435][ T9560] CPU: 0 PID: 9560 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2594.408361][ T9560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2594.418428][ T9560] Call Trace: [ 2594.421750][ T9560] dump_stack+0xf5/0x159 [ 2594.426025][ T9560] dump_header+0xaa/0x449 [ 2594.430441][ T9560] oom_kill_process.cold+0x10/0x15 [ 2594.435629][ T9560] out_of_memory+0x231/0xa00 [ 2594.440242][ T9560] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2594.445914][ T9560] mem_cgroup_out_of_memory+0x128/0x150 [ 2594.451502][ T9560] try_charge+0xb3a/0xbc0 [ 2594.455978][ T9560] ? rcu_note_context_switch+0x700/0x760 [ 2594.461646][ T9560] mem_cgroup_try_charge+0xd2/0x260 [ 2594.466948][ T9560] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2594.472613][ T9560] wp_page_copy+0x322/0x1160 [ 2594.477228][ T9560] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2594.482905][ T9560] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2594.488808][ T9560] do_wp_page+0x192/0x11f0 [ 2594.493244][ T9560] ? __kcsan_setup_watchpoint+0x6b/0x4a0 07:51:45 executing program 4: [ 2594.498908][ T9560] __handle_mm_fault+0x1c07/0x2cb0 [ 2594.504108][ T9560] handle_mm_fault+0x21b/0x530 [ 2594.508980][ T9560] __do_page_fault+0x3fb/0x9e0 [ 2594.513783][ T9560] do_page_fault+0x54/0x233 [ 2594.518346][ T9560] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2594.524090][ T9560] page_fault+0x34/0x40 [ 2594.528274][ T9560] RIP: 0033:0x431016 07:51:45 executing program 3: [ 2594.532198][ T9560] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2594.551848][ T9560] RSP: 002b:00007fffa4a247a0 EFLAGS: 00010206 [ 2594.557935][ T9560] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2594.565929][ T9560] RDX: 0000000001ad4930 RSI: 0000000001adc970 RDI: 0000000000000003 [ 2594.574004][ T9560] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001ad3940 [ 2594.582049][ T9560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2594.590109][ T9560] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2594.675015][ T9560] memory: usage 356kB, limit 0kB, failcnt 5125 [ 2594.682471][ T9560] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:51:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(0x0, 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:45 executing program 4: [ 2594.810452][ T9560] Memory cgroup stats for /syz2: [ 2594.810762][ T9560] anon 77824 [ 2594.810762][ T9560] file 4096 [ 2594.810762][ T9560] kernel_stack 36864 [ 2594.810762][ T9560] slab 376832 [ 2594.810762][ T9560] sock 0 [ 2594.810762][ T9560] shmem 0 [ 2594.810762][ T9560] file_mapped 0 [ 2594.810762][ T9560] file_dirty 0 [ 2594.810762][ T9560] file_writeback 0 [ 2594.810762][ T9560] anon_thp 0 [ 2594.810762][ T9560] inactive_anon 135168 [ 2594.810762][ T9560] active_anon 77824 [ 2594.810762][ T9560] inactive_file 106496 07:51:45 executing program 0: 07:51:45 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) read(r1, 0x0, 0x0) [ 2594.810762][ T9560] active_file 16384 [ 2594.810762][ T9560] unevictable 0 [ 2594.810762][ T9560] slab_reclaimable 270336 [ 2594.810762][ T9560] slab_unreclaimable 106496 [ 2594.810762][ T9560] pgfault 111111 [ 2594.810762][ T9560] pgmajfault 0 [ 2594.810762][ T9560] workingset_refault 0 [ 2594.810762][ T9560] workingset_activate 0 [ 2594.810762][ T9560] workingset_nodereclaim 2145 [ 2594.810762][ T9560] pgrefill 87729 [ 2594.810762][ T9560] pgscan 697571 [ 2594.810762][ T9560] pgsteal 221329 [ 2594.810762][ T9560] pgactivate 195690 [ 2595.244952][ T9560] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9560,uid=0 [ 2595.278519][ T9560] Memory cgroup out of memory: Killed process 9560 (syz-executor.2) total-vm:72456kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2595.365849][ T1062] oom_reaper: reaped process 9560 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 07:51:46 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2596.125612][T26081] device bridge_slave_1 left promiscuous mode [ 2596.131836][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2596.175559][T26081] device bridge_slave_0 left promiscuous mode [ 2596.181843][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2597.025239][T26081] device hsr_slave_0 left promiscuous mode [ 2597.065058][T26081] device hsr_slave_1 left promiscuous mode [ 2597.112687][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2597.123439][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2597.134048][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2597.180326][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2597.243021][T26081] bond0 (unregistering): Released all slaves [ 2597.352732][ T9597] IPVS: ftp: loaded support on port[0] = 21 [ 2597.418193][ T9597] chnl_net:caif_netlink_parms(): no params data found [ 2597.505790][ T9597] bridge0: port 1(bridge_slave_0) entered blocking state [ 2597.512902][ T9597] bridge0: port 1(bridge_slave_0) entered disabled state [ 2597.521106][ T9597] device bridge_slave_0 entered promiscuous mode [ 2597.533730][ T9597] bridge0: port 2(bridge_slave_1) entered blocking state [ 2597.540943][ T9597] bridge0: port 2(bridge_slave_1) entered disabled state [ 2597.553265][ T9597] device bridge_slave_1 entered promiscuous mode [ 2597.580566][ T9597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2597.596387][ T9597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2597.624228][ T9597] team0: Port device team_slave_0 added [ 2597.636029][ T9597] team0: Port device team_slave_1 added [ 2597.698329][ T9597] device hsr_slave_0 entered promiscuous mode [ 2597.735302][ T9597] device hsr_slave_1 entered promiscuous mode [ 2597.844972][ T9597] debugfs: Directory 'hsr0' with parent '/' already present! [ 2597.868356][ T9597] bridge0: port 2(bridge_slave_1) entered blocking state [ 2597.875452][ T9597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2597.882754][ T9597] bridge0: port 1(bridge_slave_0) entered blocking state [ 2597.889901][ T9597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2597.944112][ T9597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2597.964670][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2597.973532][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 2597.987149][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 2598.006877][ T9597] 8021q: adding VLAN 0 to HW filter on device team0 [ 2598.023937][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2598.033509][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 2598.040581][ T6155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2598.059872][ T9174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2598.068722][ T9174] bridge0: port 2(bridge_slave_1) entered blocking state [ 2598.075791][ T9174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2598.101835][ T9597] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2598.113304][ T9597] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2598.127407][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2598.136977][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2598.151257][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2598.162137][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2598.175908][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2598.184095][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2598.209314][ T9597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2598.640666][ T9607] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2598.657644][ T9607] CPU: 1 PID: 9607 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2598.665515][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2598.675586][ T9607] Call Trace: [ 2598.678870][ T9607] dump_stack+0xf5/0x159 [ 2598.683108][ T9607] dump_header+0xaa/0x449 [ 2598.687470][ T9607] oom_kill_process.cold+0x10/0x15 [ 2598.692571][ T9607] out_of_memory+0x231/0xa00 [ 2598.697176][ T9607] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2598.702869][ T9607] mem_cgroup_out_of_memory+0x128/0x150 [ 2598.708412][ T9607] try_charge+0xb3a/0xbc0 [ 2598.712780][ T9607] ? rcu_note_context_switch+0x700/0x760 [ 2598.718461][ T9607] mem_cgroup_try_charge+0xd2/0x260 [ 2598.723668][ T9607] __add_to_page_cache_locked+0x163/0x780 [ 2598.729398][ T9607] ? __read_once_size.constprop.0+0x20/0x20 [ 2598.735335][ T9607] add_to_page_cache_lru+0xe2/0x2d0 [ 2598.740526][ T9607] pagecache_get_page+0x2ab/0x760 [ 2598.745639][ T9607] grab_cache_page_write_begin+0x5d/0x90 [ 2598.751319][ T9607] ext4_da_write_begin+0x175/0x7e0 [ 2598.756427][ T9607] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2598.762078][ T9607] generic_perform_write+0x136/0x320 [ 2598.767362][ T9607] __generic_file_write_iter+0x251/0x380 [ 2598.773005][ T9607] ext4_file_write_iter+0x1bd/0xa00 [ 2598.778200][ T9607] new_sync_write+0x388/0x4a0 [ 2598.782911][ T9607] __vfs_write+0xb1/0xc0 [ 2598.787145][ T9607] vfs_write+0x18a/0x390 [ 2598.791390][ T9607] ksys_write+0xd5/0x1b0 [ 2598.795633][ T9607] __x64_sys_write+0x4c/0x60 [ 2598.800256][ T9607] do_syscall_64+0xcc/0x370 [ 2598.804797][ T9607] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2598.810778][ T9607] RIP: 0033:0x459f39 [ 2598.814751][ T9607] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2598.834340][ T9607] RSP: 002b:00007f32570dec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2598.842740][ T9607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2598.850765][ T9607] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2598.858840][ T9607] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2598.866800][ T9607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32570df6d4 [ 2598.874800][ T9607] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2598.886274][ T9607] memory: usage 4780kB, limit 0kB, failcnt 5549 [ 2598.892667][ T9607] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2598.899663][ T9607] Memory cgroup stats for /syz1: [ 2598.899944][ T9607] anon 4259840 [ 2598.899944][ T9607] file 176128 [ 2598.899944][ T9607] kernel_stack 0 [ 2598.899944][ T9607] slab 180224 [ 2598.899944][ T9607] sock 0 [ 2598.899944][ T9607] shmem 0 [ 2598.899944][ T9607] file_mapped 0 [ 2598.899944][ T9607] file_dirty 0 [ 2598.899944][ T9607] file_writeback 0 [ 2598.899944][ T9607] anon_thp 4194304 [ 2598.899944][ T9607] inactive_anon 0 [ 2598.899944][ T9607] active_anon 4259840 [ 2598.899944][ T9607] inactive_file 102400 [ 2598.899944][ T9607] active_file 4096 [ 2598.899944][ T9607] unevictable 0 [ 2598.899944][ T9607] slab_reclaimable 135168 [ 2598.899944][ T9607] slab_unreclaimable 45056 [ 2598.899944][ T9607] pgfault 101970 [ 2598.899944][ T9607] pgmajfault 0 [ 2598.899944][ T9607] workingset_refault 0 [ 2598.899944][ T9607] workingset_activate 0 [ 2598.899944][ T9607] workingset_nodereclaim 1683 [ 2598.899944][ T9607] pgrefill 57971 [ 2598.899944][ T9607] pgscan 580551 [ 2598.899944][ T9607] pgsteal 201662 [ 2598.994181][ T9607] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9605,uid=0 [ 2599.009791][ T9607] Memory cgroup out of memory: Killed process 9605 (syz-executor.1) total-vm:72720kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2599.030230][ T1062] oom_reaper: reaped process 9605 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:49 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:49 executing program 0: 07:51:49 executing program 3: 07:51:49 executing program 4: 07:51:49 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(0x0, 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:49 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2599.202222][ T9597] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2599.257390][ T9597] CPU: 1 PID: 9597 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2599.265244][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2599.275307][ T9597] Call Trace: [ 2599.278640][ T9597] dump_stack+0xf5/0x159 [ 2599.282927][ T9597] dump_header+0xaa/0x449 [ 2599.287288][ T9597] oom_kill_process.cold+0x10/0x15 [ 2599.292415][ T9597] out_of_memory+0x231/0xa00 [ 2599.297060][ T9597] ? __kcsan_setup_watchpoint+0x6b/0x4a0 07:51:50 executing program 4: [ 2599.302745][ T9597] mem_cgroup_out_of_memory+0x128/0x150 [ 2599.308406][ T9597] try_charge+0xb3a/0xbc0 [ 2599.312766][ T9597] ? rcu_note_context_switch+0x700/0x760 [ 2599.318430][ T9597] mem_cgroup_try_charge+0xd2/0x260 [ 2599.323655][ T9597] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2599.329310][ T9597] wp_page_copy+0x322/0x1160 [ 2599.333973][ T9597] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2599.339658][ T9597] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2599.345398][ T9597] do_wp_page+0x192/0x11f0 [ 2599.349832][ T9597] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2599.355496][ T9597] __handle_mm_fault+0x1c07/0x2cb0 [ 2599.360645][ T9597] handle_mm_fault+0x21b/0x530 [ 2599.365512][ T9597] __do_page_fault+0x3fb/0x9e0 [ 2599.370313][ T9597] do_page_fault+0x54/0x233 [ 2599.374864][ T9597] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2599.380606][ T9597] page_fault+0x34/0x40 [ 2599.384770][ T9597] RIP: 0033:0x431016 [ 2599.388689][ T9597] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2599.408383][ T9597] RSP: 002b:00007ffe25d53270 EFLAGS: 00010206 [ 2599.414463][ T9597] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2599.422519][ T9597] RDX: 0000000000d7e930 RSI: 0000000000d86970 RDI: 0000000000000003 [ 2599.430502][ T9597] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000d7d940 [ 2599.438552][ T9597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2599.446594][ T9597] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2599.463365][ T9597] memory: usage 392kB, limit 0kB, failcnt 5564 [ 2599.469760][ T9597] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2599.477131][ T9597] Memory cgroup stats for /syz1: [ 2599.477439][ T9597] anon 0 [ 2599.477439][ T9597] file 176128 [ 2599.477439][ T9597] kernel_stack 0 [ 2599.477439][ T9597] slab 180224 [ 2599.477439][ T9597] sock 0 [ 2599.477439][ T9597] shmem 0 [ 2599.477439][ T9597] file_mapped 0 [ 2599.477439][ T9597] file_dirty 0 [ 2599.477439][ T9597] file_writeback 0 [ 2599.477439][ T9597] anon_thp 0 07:51:50 executing program 4: 07:51:50 executing program 3: 07:51:50 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x2f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)="76d1191c", 0x5c8, 0x0, 0x0, 0x0) [ 2599.477439][ T9597] inactive_anon 0 [ 2599.477439][ T9597] active_anon 0 [ 2599.477439][ T9597] inactive_file 102400 [ 2599.477439][ T9597] active_file 4096 [ 2599.477439][ T9597] unevictable 0 [ 2599.477439][ T9597] slab_reclaimable 135168 [ 2599.477439][ T9597] slab_unreclaimable 45056 [ 2599.477439][ T9597] pgfault 102003 [ 2599.477439][ T9597] pgmajfault 0 [ 2599.477439][ T9597] workingset_refault 0 [ 2599.477439][ T9597] workingset_activate 0 [ 2599.477439][ T9597] workingset_nodereclaim 1716 [ 2599.477439][ T9597] pgrefill 57971 [ 2599.477439][ T9597] pgscan 580551 [ 2599.477439][ T9597] pgsteal 201662 [ 2599.477439][ T9597] pgactivate 148038 [ 2599.674913][ T9597] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9597,uid=0 07:51:50 executing program 3: 07:51:50 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(0x0, 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2599.713760][ T9597] Memory cgroup out of memory: Killed process 9597 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2599.806979][ T1062] oom_reaper: reaped process 9597 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2599.976906][ T25] audit: type=1804 audit(1572076310.761:205): pid=9634 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2332/bus" dev="sda1" ino=16609 res=1 07:51:51 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:51 executing program 4: 07:51:51 executing program 0: 07:51:51 executing program 3: 07:51:51 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(0x0, 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2600.623857][ T25] audit: type=1804 audit(1572076311.401:206): pid=9645 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2333/bus" dev="sda1" ino=16929 res=1 [ 2600.985553][T26081] device bridge_slave_1 left promiscuous mode [ 2600.991831][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2601.045701][T26081] device bridge_slave_0 left promiscuous mode [ 2601.051934][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2601.855230][T26081] device hsr_slave_0 left promiscuous mode [ 2601.895006][T26081] device hsr_slave_1 left promiscuous mode [ 2601.942154][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2601.954179][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2601.965033][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2602.010001][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2602.080970][T26081] bond0 (unregistering): Released all slaves [ 2602.183858][ T9652] IPVS: ftp: loaded support on port[0] = 21 [ 2602.258495][ T9652] chnl_net:caif_netlink_parms(): no params data found [ 2602.291902][ T9652] bridge0: port 1(bridge_slave_0) entered blocking state [ 2602.299156][ T9652] bridge0: port 1(bridge_slave_0) entered disabled state [ 2602.307265][ T9652] device bridge_slave_0 entered promiscuous mode [ 2602.314723][ T9652] bridge0: port 2(bridge_slave_1) entered blocking state [ 2602.322031][ T9652] bridge0: port 2(bridge_slave_1) entered disabled state [ 2602.329736][ T9652] device bridge_slave_1 entered promiscuous mode [ 2602.396476][ T9652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2602.410295][ T9652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2602.440478][ T9652] team0: Port device team_slave_0 added [ 2602.450608][ T9652] team0: Port device team_slave_1 added [ 2602.519433][ T9652] device hsr_slave_0 entered promiscuous mode [ 2602.576922][ T9652] device hsr_slave_1 entered promiscuous mode [ 2602.628056][ T9652] debugfs: Directory 'hsr0' with parent '/' already present! [ 2602.649304][ T9652] bridge0: port 2(bridge_slave_1) entered blocking state [ 2602.656423][ T9652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2602.663862][ T9652] bridge0: port 1(bridge_slave_0) entered blocking state [ 2602.670994][ T9652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2602.726423][ T9652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2602.745360][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2602.754121][ T5583] bridge0: port 1(bridge_slave_0) entered disabled state [ 2602.767828][ T5583] bridge0: port 2(bridge_slave_1) entered disabled state [ 2602.785730][ T9652] 8021q: adding VLAN 0 to HW filter on device team0 [ 2602.802876][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2602.811958][T32140] bridge0: port 1(bridge_slave_0) entered blocking state [ 2602.819040][T32140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2602.848646][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2602.857465][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2602.864498][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2602.875971][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2602.885721][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2602.901102][ T9652] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2602.912374][ T9652] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2602.926204][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2602.934789][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2602.944059][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2602.953285][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2602.980128][ T9652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2603.373889][ T9663] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2603.385957][ T9663] CPU: 0 PID: 9663 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2603.393785][ T9663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2603.403823][ T9663] Call Trace: [ 2603.407105][ T9663] dump_stack+0xf5/0x159 [ 2603.411373][ T9663] dump_header+0xaa/0x449 [ 2603.415784][ T9663] oom_kill_process.cold+0x10/0x15 [ 2603.420883][ T9663] out_of_memory+0x231/0xa00 [ 2603.425503][ T9663] mem_cgroup_out_of_memory+0x128/0x150 [ 2603.431042][ T9663] memory_max_write+0x17b/0x250 [ 2603.435918][ T9663] cgroup_file_write+0x119/0x320 [ 2603.440876][ T9663] ? high_work_func+0x30/0x30 [ 2603.445543][ T9663] kernfs_fop_write+0x1f4/0x2e0 [ 2603.450413][ T9663] ? cgroup_css.part.0+0x90/0x90 [ 2603.455336][ T9663] __vfs_write+0x67/0xc0 [ 2603.459565][ T9663] ? kernfs_seq_show+0xe0/0xe0 [ 2603.464348][ T9663] vfs_write+0x18a/0x390 [ 2603.468578][ T9663] ksys_write+0xd5/0x1b0 [ 2603.472808][ T9663] __x64_sys_write+0x4c/0x60 [ 2603.477387][ T9663] do_syscall_64+0xcc/0x370 [ 2603.481878][ T9663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2603.487752][ T9663] RIP: 0033:0x459f39 [ 2603.491637][ T9663] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2603.511258][ T9663] RSP: 002b:00007f2a67fb0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2603.519774][ T9663] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2603.527729][ T9663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2603.535681][ T9663] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2603.543633][ T9663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2a67fb16d4 [ 2603.551597][ T9663] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2603.561632][ T9663] memory: usage 6832kB, limit 0kB, failcnt 5157 [ 2603.571028][ T9663] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2603.580775][ T9663] Memory cgroup stats for /syz2: [ 2603.580986][ T9663] anon 6402048 [ 2603.580986][ T9663] file 143360 [ 2603.580986][ T9663] kernel_stack 36864 [ 2603.580986][ T9663] slab 241664 [ 2603.580986][ T9663] sock 0 [ 2603.580986][ T9663] shmem 0 [ 2603.580986][ T9663] file_mapped 0 [ 2603.580986][ T9663] file_dirty 135168 [ 2603.580986][ T9663] file_writeback 0 [ 2603.580986][ T9663] anon_thp 6291456 [ 2603.580986][ T9663] inactive_anon 135168 [ 2603.580986][ T9663] active_anon 6402048 [ 2603.580986][ T9663] inactive_file 106496 [ 2603.580986][ T9663] active_file 53248 [ 2603.580986][ T9663] unevictable 0 [ 2603.580986][ T9663] slab_reclaimable 135168 [ 2603.580986][ T9663] slab_unreclaimable 106496 [ 2603.580986][ T9663] pgfault 111210 [ 2603.580986][ T9663] pgmajfault 0 [ 2603.580986][ T9663] workingset_refault 0 [ 2603.580986][ T9663] workingset_activate 0 [ 2603.580986][ T9663] workingset_nodereclaim 2145 [ 2603.580986][ T9663] pgrefill 88670 [ 2603.580986][ T9663] pgscan 704707 [ 2603.580986][ T9663] pgsteal 222933 [ 2603.675447][ T9663] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9659,uid=0 [ 2603.691162][ T9663] Memory cgroup out of memory: Killed process 9659 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2603.711813][ T1062] oom_reaper: reaped process 9659 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:54 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:54 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:54 executing program 4: 07:51:54 executing program 3: 07:51:54 executing program 0: 07:51:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(0x0, 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2603.828968][ T9652] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2603.860169][ T9652] CPU: 1 PID: 9652 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2603.868019][ T9652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2603.878157][ T9652] Call Trace: [ 2603.881475][ T9652] dump_stack+0xf5/0x159 [ 2603.885742][ T9652] dump_header+0xaa/0x449 [ 2603.890198][ T9652] oom_kill_process.cold+0x10/0x15 [ 2603.895349][ T9652] out_of_memory+0x231/0xa00 [ 2603.899960][ T9652] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2603.905629][ T9652] mem_cgroup_out_of_memory+0x128/0x150 [ 2603.911210][ T9652] try_charge+0xb3a/0xbc0 [ 2603.915591][ T9652] ? rcu_note_context_switch+0x700/0x760 [ 2603.921334][ T9652] mem_cgroup_try_charge+0xd2/0x260 [ 2603.926600][ T9652] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2603.932326][ T9652] wp_page_copy+0x322/0x1160 [ 2603.936931][ T9652] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2603.942619][ T9652] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2603.948285][ T9652] do_wp_page+0x192/0x11f0 [ 2603.952766][ T9652] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2603.958418][ T9652] __handle_mm_fault+0x1c07/0x2cb0 [ 2603.963626][ T9652] handle_mm_fault+0x21b/0x530 [ 2603.968432][ T9652] __do_page_fault+0x3fb/0x9e0 [ 2603.973228][ T9652] do_page_fault+0x54/0x233 07:51:54 executing program 3: [ 2603.977790][ T9652] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2603.983584][ T9652] page_fault+0x34/0x40 [ 2603.987755][ T9652] RIP: 0033:0x431016 [ 2603.991695][ T9652] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2604.011321][ T9652] RSP: 002b:00007fff36cb87f0 EFLAGS: 00010206 [ 2604.017427][ T9652] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 07:51:54 executing program 0: [ 2604.025434][ T9652] RDX: 0000000000caf930 RSI: 0000000000cb7970 RDI: 0000000000000003 [ 2604.033478][ T9652] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000cae940 [ 2604.041455][ T9652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2604.049440][ T9652] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2604.103404][ T25] audit: type=1804 audit(1572076314.881:207): pid=9670 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2334/bus" dev="sda1" ino=16580 res=1 07:51:55 executing program 4: 07:51:55 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:55 executing program 3: 07:51:55 executing program 0: [ 2604.454966][ T9652] memory: usage 372kB, limit 0kB, failcnt 5166 [ 2604.463489][ T9652] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2604.492133][ T9652] Memory cgroup stats for /syz2: [ 2604.492448][ T9652] anon 69632 [ 2604.492448][ T9652] file 143360 [ 2604.492448][ T9652] kernel_stack 0 [ 2604.492448][ T9652] slab 241664 [ 2604.492448][ T9652] sock 0 [ 2604.492448][ T9652] shmem 0 [ 2604.492448][ T9652] file_mapped 0 [ 2604.492448][ T9652] file_dirty 135168 [ 2604.492448][ T9652] file_writeback 0 [ 2604.492448][ T9652] anon_thp 0 [ 2604.492448][ T9652] inactive_anon 135168 [ 2604.492448][ T9652] active_anon 69632 [ 2604.492448][ T9652] inactive_file 106496 [ 2604.492448][ T9652] active_file 53248 [ 2604.492448][ T9652] unevictable 0 [ 2604.492448][ T9652] slab_reclaimable 135168 [ 2604.492448][ T9652] slab_unreclaimable 106496 [ 2604.492448][ T9652] pgfault 111210 [ 2604.492448][ T9652] pgmajfault 0 [ 2604.492448][ T9652] workingset_refault 0 [ 2604.492448][ T9652] workingset_activate 0 [ 2604.492448][ T9652] workingset_nodereclaim 2178 [ 2604.492448][ T9652] pgrefill 88670 [ 2604.492448][ T9652] pgscan 704707 [ 2604.492448][ T9652] pgsteal 222933 [ 2604.602320][ T25] audit: type=1804 audit(1572076315.381:208): pid=9683 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2335/bus" dev="sda1" ino=16526 res=1 [ 2604.685088][ T25] audit: type=1804 audit(1572076315.411:209): pid=9683 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2335/bus" dev="sda1" ino=16526 res=1 [ 2604.854961][ T9652] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9652,uid=0 [ 2604.911101][ T9652] Memory cgroup out of memory: Killed process 9652 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2604.960018][ T1062] oom_reaper: reaped process 9652 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:51:56 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2605.495852][T26081] device bridge_slave_1 left promiscuous mode [ 2605.502105][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2605.555890][T26081] device bridge_slave_0 left promiscuous mode [ 2605.562092][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2606.415381][T26081] device hsr_slave_0 left promiscuous mode [ 2606.455019][T26081] device hsr_slave_1 left promiscuous mode [ 2606.503516][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2606.514208][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2606.524661][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2606.559814][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2606.651715][T26081] bond0 (unregistering): Released all slaves [ 2606.793853][ T9689] IPVS: ftp: loaded support on port[0] = 21 [ 2606.857061][ T9689] chnl_net:caif_netlink_parms(): no params data found [ 2606.887908][ T9689] bridge0: port 1(bridge_slave_0) entered blocking state [ 2606.895079][ T9689] bridge0: port 1(bridge_slave_0) entered disabled state [ 2606.902769][ T9689] device bridge_slave_0 entered promiscuous mode [ 2606.945017][ T9689] bridge0: port 2(bridge_slave_1) entered blocking state [ 2606.952186][ T9689] bridge0: port 2(bridge_slave_1) entered disabled state [ 2606.960331][ T9689] device bridge_slave_1 entered promiscuous mode [ 2606.983114][ T9689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2606.994431][ T9689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2607.017839][ T9689] team0: Port device team_slave_0 added [ 2607.024773][ T9689] team0: Port device team_slave_1 added [ 2607.087920][ T9689] device hsr_slave_0 entered promiscuous mode [ 2607.139587][ T9689] device hsr_slave_1 entered promiscuous mode [ 2607.199386][ T9689] debugfs: Directory 'hsr0' with parent '/' already present! [ 2607.220329][ T9689] bridge0: port 2(bridge_slave_1) entered blocking state [ 2607.227468][ T9689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2607.234775][ T9689] bridge0: port 1(bridge_slave_0) entered blocking state [ 2607.241850][ T9689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2607.297018][ T9689] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2607.313881][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2607.329876][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2607.340681][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2607.360458][ T9689] 8021q: adding VLAN 0 to HW filter on device team0 [ 2607.375812][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2607.384361][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 2607.391526][ T5750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2607.423915][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2607.432789][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2607.439864][ T6155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2607.456075][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2607.480981][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2607.495538][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2607.504585][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2607.518476][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2607.528841][ T9689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2607.553103][ T9689] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2608.035505][ T9697] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2608.048748][ T9697] CPU: 1 PID: 9697 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2608.056607][ T9697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2608.066661][ T9697] Call Trace: [ 2608.069981][ T9697] dump_stack+0xf5/0x159 [ 2608.074250][ T9697] dump_header+0xaa/0x449 [ 2608.078617][ T9697] oom_kill_process.cold+0x10/0x15 [ 2608.083764][ T9697] out_of_memory+0x231/0xa00 [ 2608.088443][ T9697] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2608.094206][ T9697] mem_cgroup_out_of_memory+0x128/0x150 [ 2608.099751][ T9697] try_charge+0xb3a/0xbc0 [ 2608.104075][ T9697] ? rcu_note_context_switch+0x700/0x760 [ 2608.109751][ T9697] mem_cgroup_try_charge+0xd2/0x260 [ 2608.114942][ T9697] __add_to_page_cache_locked+0x163/0x780 [ 2608.120686][ T9697] ? __read_once_size.constprop.0+0x20/0x20 [ 2608.126592][ T9697] add_to_page_cache_lru+0xe2/0x2d0 [ 2608.131825][ T9697] pagecache_get_page+0x2ab/0x760 [ 2608.136853][ T9697] grab_cache_page_write_begin+0x5d/0x90 [ 2608.142563][ T9697] ext4_da_write_begin+0x175/0x7e0 [ 2608.147686][ T9697] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2608.153330][ T9697] generic_perform_write+0x136/0x320 [ 2608.158625][ T9697] __generic_file_write_iter+0x251/0x380 [ 2608.164273][ T9697] ext4_file_write_iter+0x1bd/0xa00 [ 2608.169562][ T9697] new_sync_write+0x388/0x4a0 [ 2608.174283][ T9697] __vfs_write+0xb1/0xc0 [ 2608.178551][ T9697] vfs_write+0x18a/0x390 [ 2608.182784][ T9697] ksys_write+0xd5/0x1b0 [ 2608.187111][ T9697] __x64_sys_write+0x4c/0x60 [ 2608.191762][ T9697] do_syscall_64+0xcc/0x370 [ 2608.196394][ T9697] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2608.202275][ T9697] RIP: 0033:0x459f39 [ 2608.206226][ T9697] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2608.225850][ T9697] RSP: 002b:00007f1c20c82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2608.234339][ T9697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2608.242322][ T9697] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2608.250282][ T9697] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2608.258238][ T9697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1c20c836d4 [ 2608.266267][ T9697] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2608.276340][ T9697] memory: usage 4796kB, limit 0kB, failcnt 5607 [ 2608.282704][ T9697] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2608.290366][ T9697] Memory cgroup stats for /syz1: [ 2608.290608][ T9697] anon 4210688 [ 2608.290608][ T9697] file 20480 [ 2608.290608][ T9697] kernel_stack 0 [ 2608.290608][ T9697] slab 319488 [ 2608.290608][ T9697] sock 0 [ 2608.290608][ T9697] shmem 0 [ 2608.290608][ T9697] file_mapped 0 [ 2608.290608][ T9697] file_dirty 0 [ 2608.290608][ T9697] file_writeback 0 [ 2608.290608][ T9697] anon_thp 4194304 [ 2608.290608][ T9697] inactive_anon 0 [ 2608.290608][ T9697] active_anon 4210688 [ 2608.290608][ T9697] inactive_file 12288 [ 2608.290608][ T9697] active_file 4096 [ 2608.290608][ T9697] unevictable 0 [ 2608.290608][ T9697] slab_reclaimable 135168 [ 2608.290608][ T9697] slab_unreclaimable 184320 [ 2608.290608][ T9697] pgfault 102069 [ 2608.290608][ T9697] pgmajfault 0 [ 2608.290608][ T9697] workingset_refault 0 [ 2608.290608][ T9697] workingset_activate 0 [ 2608.290608][ T9697] workingset_nodereclaim 1716 [ 2608.290608][ T9697] pgrefill 57971 [ 2608.290608][ T9697] pgscan 584236 [ 2608.290608][ T9697] pgsteal 203741 [ 2608.290608][ T9697] pgactivate 148401 [ 2608.387042][ T9697] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9696,uid=0 [ 2608.402661][ T9697] Memory cgroup out of memory: Killed process 9696 (syz-executor.1) total-vm:72720kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2608.422790][ T1062] oom_reaper: reaped process 9696 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:51:59 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:51:59 executing program 4: 07:51:59 executing program 0: 07:51:59 executing program 3: 07:51:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:51:59 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) [ 2608.542724][ T9689] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2608.590450][ T9689] CPU: 1 PID: 9689 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2608.598367][ T9689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2608.608425][ T9689] Call Trace: [ 2608.611743][ T9689] dump_stack+0xf5/0x159 [ 2608.616005][ T9689] dump_header+0xaa/0x449 [ 2608.620435][ T9689] oom_kill_process.cold+0x10/0x15 [ 2608.625617][ T9689] out_of_memory+0x231/0xa00 [ 2608.630223][ T9689] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2608.635891][ T9689] mem_cgroup_out_of_memory+0x128/0x150 [ 2608.641533][ T9689] try_charge+0xb3a/0xbc0 [ 2608.645938][ T9689] ? rcu_note_context_switch+0x700/0x760 [ 2608.651599][ T9689] mem_cgroup_try_charge+0xd2/0x260 [ 2608.656890][ T9689] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2608.662578][ T9689] wp_page_copy+0x322/0x1160 [ 2608.667187][ T9689] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2608.672853][ T9689] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2608.678596][ T9689] do_wp_page+0x192/0x11f0 [ 2608.683080][ T9689] ? __kcsan_setup_watchpoint+0x6b/0x4a0 07:51:59 executing program 3: [ 2608.688742][ T9689] __handle_mm_fault+0x1c07/0x2cb0 [ 2608.693960][ T9689] handle_mm_fault+0x21b/0x530 [ 2608.698756][ T9689] __do_page_fault+0x3fb/0x9e0 [ 2608.703591][ T9689] do_page_fault+0x54/0x233 [ 2608.708129][ T9689] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2608.713910][ T9689] page_fault+0x34/0x40 [ 2608.718074][ T9689] RIP: 0033:0x431016 07:51:59 executing program 4: [ 2608.721992][ T9689] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2608.741681][ T9689] RSP: 002b:00007ffd0ea14970 EFLAGS: 00010206 [ 2608.747755][ T9689] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2608.755743][ T9689] RDX: 0000000001729930 RSI: 0000000001731970 RDI: 0000000000000003 [ 2608.763734][ T9689] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001728940 [ 2608.771709][ T9689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2608.779690][ T9689] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2608.814884][ T25] audit: type=1804 audit(1572076319.591:210): pid=9703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2336/bus" dev="sda1" ino=16625 res=1 07:51:59 executing program 0: [ 2608.902257][ T25] audit: type=1804 audit(1572076319.641:211): pid=9703 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2336/bus" dev="sda1" ino=16625 res=1 [ 2608.944991][ T9689] memory: usage 408kB, limit 0kB, failcnt 5618 [ 2608.954677][ T9689] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:51:59 executing program 3: 07:51:59 executing program 4: [ 2609.115063][ T9689] Memory cgroup stats for /syz1: [ 2609.115317][ T9689] anon 0 [ 2609.115317][ T9689] file 20480 [ 2609.115317][ T9689] kernel_stack 0 [ 2609.115317][ T9689] slab 319488 [ 2609.115317][ T9689] sock 0 [ 2609.115317][ T9689] shmem 0 [ 2609.115317][ T9689] file_mapped 0 [ 2609.115317][ T9689] file_dirty 0 [ 2609.115317][ T9689] file_writeback 0 [ 2609.115317][ T9689] anon_thp 0 [ 2609.115317][ T9689] inactive_anon 0 [ 2609.115317][ T9689] active_anon 0 [ 2609.115317][ T9689] inactive_file 12288 [ 2609.115317][ T9689] active_file 4096 07:52:00 executing program 0: [ 2609.115317][ T9689] unevictable 0 [ 2609.115317][ T9689] slab_reclaimable 135168 [ 2609.115317][ T9689] slab_unreclaimable 184320 [ 2609.115317][ T9689] pgfault 102069 [ 2609.115317][ T9689] pgmajfault 0 [ 2609.115317][ T9689] workingset_refault 0 [ 2609.115317][ T9689] workingset_activate 0 [ 2609.115317][ T9689] workingset_nodereclaim 1749 [ 2609.115317][ T9689] pgrefill 57971 [ 2609.115317][ T9689] pgscan 584236 [ 2609.115317][ T9689] pgsteal 203741 [ 2609.115317][ T9689] pgactivate 148401 [ 2609.531491][ T9689] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9689,uid=0 [ 2609.585064][ T9689] Memory cgroup out of memory: Killed process 9689 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2609.656227][ T1062] oom_reaper: reaped process 9689 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:52:00 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:00 executing program 4: 07:52:00 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:00 executing program 3: 07:52:00 executing program 0: [ 2610.051830][ T25] audit: type=1804 audit(1572076320.831:212): pid=9721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2337/bus" dev="sda1" ino=16785 res=1 [ 2610.105184][ T25] audit: type=1804 audit(1572076320.831:213): pid=9721 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2337/bus" dev="sda1" ino=16785 res=1 [ 2610.426254][T26081] device bridge_slave_1 left promiscuous mode [ 2610.432552][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2610.485965][T26081] device bridge_slave_0 left promiscuous mode [ 2610.492180][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2611.365152][T26081] device hsr_slave_0 left promiscuous mode [ 2611.425002][T26081] device hsr_slave_1 left promiscuous mode [ 2611.473369][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2611.484144][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2611.496518][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2611.548993][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2611.630320][T26081] bond0 (unregistering): Released all slaves [ 2611.742687][ T9727] IPVS: ftp: loaded support on port[0] = 21 [ 2611.817767][ T9727] chnl_net:caif_netlink_parms(): no params data found [ 2611.849649][ T9727] bridge0: port 1(bridge_slave_0) entered blocking state [ 2611.856811][ T9727] bridge0: port 1(bridge_slave_0) entered disabled state [ 2611.864530][ T9727] device bridge_slave_0 entered promiscuous mode [ 2611.872087][ T9727] bridge0: port 2(bridge_slave_1) entered blocking state [ 2611.879208][ T9727] bridge0: port 2(bridge_slave_1) entered disabled state [ 2611.887204][ T9727] device bridge_slave_1 entered promiscuous mode [ 2611.908859][ T9727] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2611.920064][ T9727] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2611.986251][ T9727] team0: Port device team_slave_0 added [ 2611.993599][ T9727] team0: Port device team_slave_1 added [ 2612.078163][ T9727] device hsr_slave_0 entered promiscuous mode [ 2612.115256][ T9727] device hsr_slave_1 entered promiscuous mode [ 2612.154916][ T9727] debugfs: Directory 'hsr0' with parent '/' already present! [ 2612.176196][ T9727] bridge0: port 2(bridge_slave_1) entered blocking state [ 2612.183263][ T9727] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2612.190637][ T9727] bridge0: port 1(bridge_slave_0) entered blocking state [ 2612.197713][ T9727] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2612.252599][ T9727] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2612.272995][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2612.282027][T32140] bridge0: port 1(bridge_slave_0) entered disabled state [ 2612.295928][T32140] bridge0: port 2(bridge_slave_1) entered disabled state [ 2612.311523][ T9727] 8021q: adding VLAN 0 to HW filter on device team0 [ 2612.330188][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2612.343298][T32140] bridge0: port 1(bridge_slave_0) entered blocking state [ 2612.351211][T32140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2612.380511][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2612.390814][ T5583] bridge0: port 2(bridge_slave_1) entered blocking state [ 2612.397902][ T5583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2612.432418][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2612.441810][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2612.457756][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2612.470855][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2612.480468][ T9727] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2612.493745][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2612.514142][ T9727] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2612.947329][ T9737] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2612.957579][ T9737] CPU: 0 PID: 9737 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2612.965377][ T9737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2612.975445][ T9737] Call Trace: [ 2612.978756][ T9737] dump_stack+0xf5/0x159 [ 2612.983022][ T9737] dump_header+0xaa/0x449 [ 2612.987357][ T9737] oom_kill_process.cold+0x10/0x15 [ 2612.992461][ T9737] out_of_memory+0x231/0xa00 [ 2612.997073][ T9737] mem_cgroup_out_of_memory+0x128/0x150 [ 2613.002637][ T9737] memory_max_write+0x17b/0x250 [ 2613.007480][ T9737] cgroup_file_write+0x119/0x320 [ 2613.012408][ T9737] ? high_work_func+0x30/0x30 [ 2613.017101][ T9737] kernfs_fop_write+0x1f4/0x2e0 [ 2613.021951][ T9737] ? cgroup_css.part.0+0x90/0x90 [ 2613.026878][ T9737] __vfs_write+0x67/0xc0 [ 2613.031160][ T9737] ? kernfs_seq_show+0xe0/0xe0 [ 2613.035930][ T9737] vfs_write+0x18a/0x390 [ 2613.040174][ T9737] ksys_write+0xd5/0x1b0 [ 2613.045361][ T9737] __x64_sys_write+0x4c/0x60 [ 2613.049946][ T9737] do_syscall_64+0xcc/0x370 [ 2613.054436][ T9737] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2613.060309][ T9737] RIP: 0033:0x459f39 [ 2613.064199][ T9737] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2613.083787][ T9737] RSP: 002b:00007f3550aa3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2613.092309][ T9737] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2613.100286][ T9737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2613.108345][ T9737] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2613.116318][ T9737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3550aa46d4 [ 2613.124303][ T9737] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2613.140154][ T9737] memory: usage 6832kB, limit 0kB, failcnt 5175 [ 2613.147625][ T9737] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2613.154468][ T9737] Memory cgroup stats for /syz2: [ 2613.154598][ T9737] anon 6479872 [ 2613.154598][ T9737] file 40960 [ 2613.154598][ T9737] kernel_stack 36864 [ 2613.154598][ T9737] slab 376832 [ 2613.154598][ T9737] sock 0 [ 2613.154598][ T9737] shmem 0 [ 2613.154598][ T9737] file_mapped 0 [ 2613.154598][ T9737] file_dirty 135168 [ 2613.154598][ T9737] file_writeback 0 [ 2613.154598][ T9737] anon_thp 6291456 [ 2613.154598][ T9737] inactive_anon 135168 [ 2613.154598][ T9737] active_anon 6479872 [ 2613.154598][ T9737] inactive_file 0 [ 2613.154598][ T9737] active_file 45056 [ 2613.154598][ T9737] unevictable 0 [ 2613.154598][ T9737] slab_reclaimable 270336 [ 2613.154598][ T9737] slab_unreclaimable 106496 [ 2613.154598][ T9737] pgfault 111276 [ 2613.154598][ T9737] pgmajfault 0 [ 2613.154598][ T9737] workingset_refault 0 [ 2613.154598][ T9737] workingset_activate 0 [ 2613.154598][ T9737] workingset_nodereclaim 2178 [ 2613.154598][ T9737] pgrefill 89645 [ 2613.154598][ T9737] pgscan 720517 [ 2613.154598][ T9737] pgsteal 224975 [ 2613.249371][ T9737] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9733,uid=0 [ 2613.264801][ T9737] Memory cgroup out of memory: Killed process 9733 (syz-executor.2) total-vm:72852kB, anon-rss:6244kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2613.284579][ T1062] oom_reaper: reaped process 9733 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:52:04 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:04 executing program 3: 07:52:04 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(0xffffffffffffffff, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:04 executing program 0: 07:52:04 executing program 4: [ 2613.408342][ T9727] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2613.442897][ T25] audit: type=1804 audit(1572076324.221:214): pid=9742 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2338/bus" dev="sda1" ino=16673 res=1 [ 2613.452949][ T9727] CPU: 1 PID: 9727 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2613.475233][ T9727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2613.485315][ T9727] Call Trace: [ 2613.488636][ T9727] dump_stack+0xf5/0x159 [ 2613.492925][ T9727] dump_header+0xaa/0x449 [ 2613.497282][ T9727] oom_kill_process.cold+0x10/0x15 [ 2613.497970][ T25] audit: type=1804 audit(1572076324.231:215): pid=9742 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2338/bus" dev="sda1" ino=16673 res=1 [ 2613.502497][ T9727] out_of_memory+0x231/0xa00 [ 2613.531116][ T9727] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2613.536795][ T9727] mem_cgroup_out_of_memory+0x128/0x150 [ 2613.542378][ T9727] try_charge+0xb3a/0xbc0 [ 2613.546753][ T9727] ? rcu_note_context_switch+0x700/0x760 [ 2613.552424][ T9727] mem_cgroup_try_charge+0xd2/0x260 [ 2613.557697][ T9727] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2613.563356][ T9727] wp_page_copy+0x322/0x1160 [ 2613.567962][ T9727] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2613.573649][ T9727] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2613.579408][ T9727] do_wp_page+0x192/0x11f0 [ 2613.583843][ T9727] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2613.589496][ T9727] __handle_mm_fault+0x1c07/0x2cb0 [ 2613.594692][ T9727] handle_mm_fault+0x21b/0x530 [ 2613.599494][ T9727] __do_page_fault+0x3fb/0x9e0 [ 2613.604287][ T9727] do_page_fault+0x54/0x233 [ 2613.608849][ T9727] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2613.614589][ T9727] page_fault+0x34/0x40 [ 2613.618754][ T9727] RIP: 0033:0x431016 [ 2613.622683][ T9727] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2613.642341][ T9727] RSP: 002b:00007ffd6c078a30 EFLAGS: 00010206 [ 2613.648422][ T9727] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 07:52:04 executing program 3: 07:52:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(0xffffffffffffffff, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:04 executing program 0: [ 2613.656436][ T9727] RDX: 00000000015ea930 RSI: 00000000015f2970 RDI: 0000000000000003 [ 2613.664420][ T9727] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000015e9940 [ 2613.672403][ T9727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2613.680405][ T9727] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:52:04 executing program 3: 07:52:04 executing program 4: [ 2613.836667][ T25] audit: type=1804 audit(1572076324.611:216): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2339/bus" dev="sda1" ino=16673 res=1 07:52:04 executing program 0: [ 2613.974969][ T9727] memory: usage 372kB, limit 0kB, failcnt 5184 [ 2613.981171][ T9727] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2613.998288][ T25] audit: type=1804 audit(1572076324.621:217): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2339/bus" dev="sda1" ino=16673 res=1 [ 2614.018639][ T9727] Memory cgroup stats for /syz2: [ 2614.018949][ T9727] anon 110592 [ 2614.018949][ T9727] file 40960 [ 2614.018949][ T9727] kernel_stack 36864 [ 2614.018949][ T9727] slab 376832 [ 2614.018949][ T9727] sock 0 [ 2614.018949][ T9727] shmem 0 [ 2614.018949][ T9727] file_mapped 0 [ 2614.018949][ T9727] file_dirty 135168 [ 2614.018949][ T9727] file_writeback 0 [ 2614.018949][ T9727] anon_thp 0 [ 2614.018949][ T9727] inactive_anon 135168 [ 2614.018949][ T9727] active_anon 110592 [ 2614.018949][ T9727] inactive_file 0 [ 2614.018949][ T9727] active_file 45056 [ 2614.018949][ T9727] unevictable 0 [ 2614.018949][ T9727] slab_reclaimable 270336 [ 2614.018949][ T9727] slab_unreclaimable 106496 [ 2614.018949][ T9727] pgfault 111276 [ 2614.018949][ T9727] pgmajfault 0 [ 2614.018949][ T9727] workingset_refault 0 [ 2614.018949][ T9727] workingset_activate 0 [ 2614.018949][ T9727] workingset_nodereclaim 2178 [ 2614.018949][ T9727] pgrefill 89645 [ 2614.018949][ T9727] pgscan 720517 [ 2614.018949][ T9727] pgsteal 224975 [ 2614.324504][ T9727] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9727,uid=0 [ 2614.345796][ T9727] Memory cgroup out of memory: Killed process 9727 (syz-executor.2) total-vm:72456kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2614.424262][ T1062] oom_reaper: reaped process 9727 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:52:05 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:05 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(0xffffffffffffffff, 0x200004) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2614.785652][ T25] audit: type=1804 audit(1572076325.571:218): pid=9757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2340/bus" dev="sda1" ino=16563 res=1 [ 2614.830879][ T25] audit: type=1804 audit(1572076325.611:219): pid=9757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2340/bus" dev="sda1" ino=16563 res=1 [ 2615.146246][T26081] device bridge_slave_1 left promiscuous mode [ 2615.152554][T26081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2615.205834][T26081] device bridge_slave_0 left promiscuous mode [ 2615.212075][T26081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2616.095282][T26081] device hsr_slave_0 left promiscuous mode [ 2616.145037][T26081] device hsr_slave_1 left promiscuous mode [ 2616.192050][T26081] team0 (unregistering): Port device team_slave_1 removed [ 2616.202793][T26081] team0 (unregistering): Port device team_slave_0 removed [ 2616.213509][T26081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2616.280148][T26081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2616.381010][T26081] bond0 (unregistering): Released all slaves [ 2616.463796][ T9760] IPVS: ftp: loaded support on port[0] = 21 [ 2616.528948][ T9760] chnl_net:caif_netlink_parms(): no params data found [ 2616.619595][ T9760] bridge0: port 1(bridge_slave_0) entered blocking state [ 2616.626869][ T9760] bridge0: port 1(bridge_slave_0) entered disabled state [ 2616.639600][ T9760] device bridge_slave_0 entered promiscuous mode [ 2616.648444][ T9760] bridge0: port 2(bridge_slave_1) entered blocking state [ 2616.659858][ T9760] bridge0: port 2(bridge_slave_1) entered disabled state [ 2616.668114][ T9760] device bridge_slave_1 entered promiscuous mode [ 2616.699995][ T9760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2616.711274][ T9760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2616.744292][ T9760] team0: Port device team_slave_0 added [ 2616.752007][ T9760] team0: Port device team_slave_1 added [ 2616.822345][ T9760] device hsr_slave_0 entered promiscuous mode [ 2616.875288][ T9760] device hsr_slave_1 entered promiscuous mode [ 2616.924969][ T9760] debugfs: Directory 'hsr0' with parent '/' already present! [ 2616.947219][ T9760] bridge0: port 2(bridge_slave_1) entered blocking state [ 2616.954296][ T9760] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2616.961734][ T9760] bridge0: port 1(bridge_slave_0) entered blocking state [ 2616.968797][ T9760] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2617.024834][ T9760] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2617.043191][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2617.052339][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 2617.066008][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 2617.086815][ T9760] 8021q: adding VLAN 0 to HW filter on device team0 [ 2617.099422][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2617.108113][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 2617.115181][ T5750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2617.136679][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2617.146096][ T5750] bridge0: port 2(bridge_slave_1) entered blocking state [ 2617.153153][ T5750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2617.163414][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2617.182609][ T9760] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2617.193359][ T9760] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2617.206471][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2617.215421][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2617.224163][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2617.233132][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2617.242606][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2617.264011][ T9760] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2617.677948][ T9770] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2617.688234][ T9770] CPU: 0 PID: 9770 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2617.696084][ T9770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2617.706125][ T9770] Call Trace: [ 2617.709437][ T9770] dump_stack+0xf5/0x159 [ 2617.713685][ T9770] dump_header+0xaa/0x449 [ 2617.718011][ T9770] oom_kill_process.cold+0x10/0x15 [ 2617.723124][ T9770] out_of_memory+0x231/0xa00 [ 2617.727728][ T9770] mem_cgroup_out_of_memory+0x128/0x150 [ 2617.733278][ T9770] memory_max_write+0x17b/0x250 [ 2617.738120][ T9770] cgroup_file_write+0x119/0x320 [ 2617.743093][ T9770] ? high_work_func+0x30/0x30 [ 2617.747784][ T9770] kernfs_fop_write+0x1f4/0x2e0 [ 2617.752634][ T9770] ? cgroup_css.part.0+0x90/0x90 [ 2617.757574][ T9770] __vfs_write+0x67/0xc0 [ 2617.761804][ T9770] ? kernfs_seq_show+0xe0/0xe0 [ 2617.766584][ T9770] vfs_write+0x18a/0x390 [ 2617.770826][ T9770] ksys_write+0xd5/0x1b0 [ 2617.775060][ T9770] __x64_sys_write+0x4c/0x60 [ 2617.779660][ T9770] do_syscall_64+0xcc/0x370 [ 2617.784163][ T9770] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2617.790077][ T9770] RIP: 0033:0x459f39 [ 2617.793965][ T9770] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2617.813551][ T9770] RSP: 002b:00007f239f43cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2617.821948][ T9770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2617.829910][ T9770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2617.837866][ T9770] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2617.845837][ T9770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f239f43d6d4 [ 2617.853808][ T9770] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2617.862451][ T9770] memory: usage 4740kB, limit 0kB, failcnt 5640 [ 2617.869162][ T9770] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2617.876060][ T9770] Memory cgroup stats for /syz1: [ 2617.876241][ T9770] anon 4308992 [ 2617.876241][ T9770] file 65536 [ 2617.876241][ T9770] kernel_stack 36864 [ 2617.876241][ T9770] slab 319488 [ 2617.876241][ T9770] sock 0 [ 2617.876241][ T9770] shmem 0 [ 2617.876241][ T9770] file_mapped 0 [ 2617.876241][ T9770] file_dirty 0 [ 2617.876241][ T9770] file_writeback 0 [ 2617.876241][ T9770] anon_thp 4194304 [ 2617.876241][ T9770] inactive_anon 0 [ 2617.876241][ T9770] active_anon 4308992 [ 2617.876241][ T9770] inactive_file 0 [ 2617.876241][ T9770] active_file 122880 [ 2617.876241][ T9770] unevictable 0 [ 2617.876241][ T9770] slab_reclaimable 135168 [ 2617.876241][ T9770] slab_unreclaimable 184320 [ 2617.876241][ T9770] pgfault 102135 [ 2617.876241][ T9770] pgmajfault 0 [ 2617.876241][ T9770] workingset_refault 0 [ 2617.876241][ T9770] workingset_activate 0 [ 2617.876241][ T9770] workingset_nodereclaim 1749 [ 2617.876241][ T9770] pgrefill 58491 [ 2617.876241][ T9770] pgscan 596691 [ 2617.876241][ T9770] pgsteal 205353 [ 2617.970116][ T9770] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9767,uid=0 [ 2617.991100][ T9770] Memory cgroup out of memory: Killed process 9767 (syz-executor.1) total-vm:72852kB, anon-rss:4196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 2618.017298][ T1062] oom_reaper: reaped process 9767 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:52:08 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:08 executing program 0: 07:52:08 executing program 3: 07:52:08 executing program 4: 07:52:08 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:08 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2618.157017][ T9760] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2618.197467][ T9760] CPU: 1 PID: 9760 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2618.205319][ T9760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2618.215467][ T9760] Call Trace: [ 2618.218784][ T9760] dump_stack+0xf5/0x159 [ 2618.218831][ T25] audit: type=1804 audit(1572076328.981:220): pid=9775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2341/bus" dev="sda1" ino=16533 res=1 [ 2618.223052][ T9760] dump_header+0xaa/0x449 [ 2618.223086][ T9760] oom_kill_process.cold+0x10/0x15 [ 2618.223135][ T9760] out_of_memory+0x231/0xa00 [ 2618.261737][ T9760] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2618.267432][ T9760] mem_cgroup_out_of_memory+0x128/0x150 [ 2618.273037][ T9760] try_charge+0xb3a/0xbc0 [ 2618.277400][ T9760] ? rcu_note_context_switch+0x700/0x760 [ 2618.283071][ T9760] mem_cgroup_try_charge+0xd2/0x260 [ 2618.288344][ T9760] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2618.294003][ T9760] wp_page_copy+0x322/0x1160 [ 2618.298684][ T9760] ? preempt_schedule+0x30/0x40 [ 2618.303571][ T9760] ? ___preempt_schedule+0x16/0x20 [ 2618.308716][ T9760] do_wp_page+0x192/0x11f0 [ 2618.313171][ T9760] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2618.318828][ T9760] __handle_mm_fault+0x1c07/0x2cb0 [ 2618.324018][ T9760] handle_mm_fault+0x21b/0x530 [ 2618.328823][ T9760] __do_page_fault+0x3fb/0x9e0 [ 2618.333623][ T9760] do_page_fault+0x54/0x233 [ 2618.338224][ T9760] ? do_syscall_64+0x270/0x370 [ 2618.343007][ T9760] page_fault+0x34/0x40 [ 2618.347248][ T9760] RIP: 0033:0x403a42 [ 2618.351239][ T9760] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 19 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 39 44 05 00 48 [ 2618.370866][ T9760] RSP: 002b:00007fffa7376d50 EFLAGS: 00010246 [ 2618.374958][ T25] audit: type=1804 audit(1572076328.981:221): pid=9775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2341/bus" dev="sda1" ino=16533 res=1 [ 2618.377036][ T9760] RAX: 0000000000000000 RBX: 000000000027f0f0 RCX: 00000000004139f0 [ 2618.408981][ T9760] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffa7377e80 [ 2618.417015][ T9760] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000013da940 [ 2618.425113][ T9760] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa7377e80 [ 2618.433149][ T9760] R13: 00007fffa7377e70 R14: 0000000000000000 R15: 00007fffa7377e80 07:52:09 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:09 executing program 3: 07:52:09 executing program 0: 07:52:09 executing program 4: [ 2618.597607][ T25] audit: type=1804 audit(1572076329.381:222): pid=9780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2342/bus" dev="sda1" ino=16737 res=1 [ 2618.622289][ T9760] memory: usage 332kB, limit 0kB, failcnt 5649 [ 2618.629664][ T9760] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2618.645068][ T9760] Memory cgroup stats for /syz1: [ 2618.645316][ T9760] anon 57344 [ 2618.645316][ T9760] file 65536 [ 2618.645316][ T9760] kernel_stack 0 [ 2618.645316][ T9760] slab 319488 [ 2618.645316][ T9760] sock 0 [ 2618.645316][ T9760] shmem 0 [ 2618.645316][ T9760] file_mapped 0 [ 2618.645316][ T9760] file_dirty 0 [ 2618.645316][ T9760] file_writeback 0 [ 2618.645316][ T9760] anon_thp 0 [ 2618.645316][ T9760] inactive_anon 0 [ 2618.645316][ T9760] active_anon 57344 [ 2618.645316][ T9760] inactive_file 0 [ 2618.645316][ T9760] active_file 122880 [ 2618.645316][ T9760] unevictable 0 [ 2618.645316][ T9760] slab_reclaimable 135168 [ 2618.645316][ T9760] slab_unreclaimable 184320 [ 2618.645316][ T9760] pgfault 102135 [ 2618.645316][ T9760] pgmajfault 0 [ 2618.645316][ T9760] workingset_refault 0 [ 2618.645316][ T9760] workingset_activate 0 [ 2618.645316][ T9760] workingset_nodereclaim 1749 [ 2618.645316][ T9760] pgrefill 58491 [ 2618.645316][ T9760] pgscan 596691 [ 2618.645316][ T9760] pgsteal 205353 [ 2618.645316][ T9760] pgactivate 150018 07:52:09 executing program 3: [ 2618.770906][ T25] audit: type=1804 audit(1572076329.421:223): pid=9780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2342/bus" dev="sda1" ino=16737 res=1 07:52:09 executing program 0: [ 2618.981943][ T9760] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9760,uid=0 [ 2619.005869][ T9760] Memory cgroup out of memory: Killed process 9760 (syz-executor.1) total-vm:72456kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2619.118357][ T1062] oom_reaper: reaped process 9760 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:52:10 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r10, 0x0, 0x0) 07:52:10 executing program 4: 07:52:10 executing program 3: 07:52:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x0) sendfile(r4, r5, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2619.633925][ T25] audit: type=1804 audit(1572076330.411:224): pid=9793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2343/bus" dev="sda1" ino=16897 res=1 [ 2619.681966][ T25] audit: type=1804 audit(1572076330.451:225): pid=9793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2343/bus" dev="sda1" ino=16897 res=1 [ 2620.055686][ T8681] device bridge_slave_1 left promiscuous mode [ 2620.061933][ T8681] bridge0: port 2(bridge_slave_1) entered disabled state [ 2620.125545][ T8681] device bridge_slave_0 left promiscuous mode [ 2620.131753][ T8681] bridge0: port 1(bridge_slave_0) entered disabled state [ 2620.955070][ T8681] device hsr_slave_0 left promiscuous mode [ 2621.005115][ T8681] device hsr_slave_1 left promiscuous mode [ 2621.053316][ T8681] team0 (unregistering): Port device team_slave_1 removed [ 2621.064151][ T8681] team0 (unregistering): Port device team_slave_0 removed [ 2621.075221][ T8681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2621.109777][ T8681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2621.191780][ T8681] bond0 (unregistering): Released all slaves [ 2621.293695][ T9798] IPVS: ftp: loaded support on port[0] = 21 [ 2621.358550][ T9798] chnl_net:caif_netlink_parms(): no params data found [ 2621.388645][ T9798] bridge0: port 1(bridge_slave_0) entered blocking state [ 2621.395949][ T9798] bridge0: port 1(bridge_slave_0) entered disabled state [ 2621.403711][ T9798] device bridge_slave_0 entered promiscuous mode [ 2621.411484][ T9798] bridge0: port 2(bridge_slave_1) entered blocking state [ 2621.418654][ T9798] bridge0: port 2(bridge_slave_1) entered disabled state [ 2621.426905][ T9798] device bridge_slave_1 entered promiscuous mode [ 2621.490342][ T9798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2621.503268][ T9798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2621.533712][ T9798] team0: Port device team_slave_0 added [ 2621.543350][ T9798] team0: Port device team_slave_1 added [ 2621.618054][ T9798] device hsr_slave_0 entered promiscuous mode [ 2621.655258][ T9798] device hsr_slave_1 entered promiscuous mode [ 2621.699478][ T9798] debugfs: Directory 'hsr0' with parent '/' already present! [ 2621.721070][ T9798] bridge0: port 2(bridge_slave_1) entered blocking state [ 2621.728215][ T9798] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2621.735606][ T9798] bridge0: port 1(bridge_slave_0) entered blocking state [ 2621.742641][ T9798] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2621.792111][ T9798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2621.811451][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2621.825848][ T5583] bridge0: port 1(bridge_slave_0) entered disabled state [ 2621.834186][ T5583] bridge0: port 2(bridge_slave_1) entered disabled state [ 2621.855239][ T9798] 8021q: adding VLAN 0 to HW filter on device team0 [ 2621.869598][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2621.880961][T26241] bridge0: port 1(bridge_slave_0) entered blocking state [ 2621.888032][T26241] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2621.921549][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2621.930353][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2621.937420][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2621.952949][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2621.962544][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2621.983873][ T9798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2621.999886][ T9798] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2622.014142][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2622.028275][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2622.042218][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2622.060763][ T9798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2622.070638][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2622.556551][ T9806] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2622.569064][ T9806] CPU: 0 PID: 9806 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2622.576879][ T9806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2622.586992][ T9806] Call Trace: [ 2622.590311][ T9806] dump_stack+0xf5/0x159 [ 2622.594583][ T9806] dump_header+0xaa/0x449 [ 2622.598989][ T9806] oom_kill_process.cold+0x10/0x15 [ 2622.604092][ T9806] out_of_memory+0x231/0xa00 [ 2622.608741][ T9806] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2622.614426][ T9806] mem_cgroup_out_of_memory+0x128/0x150 [ 2622.619971][ T9806] try_charge+0xb3a/0xbc0 [ 2622.624365][ T9806] ? rcu_note_context_switch+0x700/0x760 [ 2622.630097][ T9806] mem_cgroup_try_charge+0xd2/0x260 [ 2622.635311][ T9806] __add_to_page_cache_locked+0x163/0x780 [ 2622.641051][ T9806] ? __read_once_size.constprop.0+0x20/0x20 [ 2622.646957][ T9806] add_to_page_cache_lru+0xe2/0x2d0 [ 2622.652181][ T9806] pagecache_get_page+0x2ab/0x760 [ 2622.657202][ T9806] grab_cache_page_write_begin+0x5d/0x90 [ 2622.662856][ T9806] ext4_da_write_begin+0x175/0x7e0 [ 2622.668501][ T9806] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2622.674140][ T9806] generic_perform_write+0x136/0x320 [ 2622.679467][ T9806] __generic_file_write_iter+0x251/0x380 [ 2622.685117][ T9806] ext4_file_write_iter+0x1bd/0xa00 [ 2622.690461][ T9806] new_sync_write+0x388/0x4a0 [ 2622.695264][ T9806] __vfs_write+0xb1/0xc0 [ 2622.699494][ T9806] vfs_write+0x18a/0x390 [ 2622.703761][ T9806] ksys_write+0xd5/0x1b0 [ 2622.708097][ T9806] __x64_sys_write+0x4c/0x60 [ 2622.712762][ T9806] do_syscall_64+0xcc/0x370 [ 2622.717256][ T9806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2622.723171][ T9806] RIP: 0033:0x459f39 [ 2622.727087][ T9806] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2622.746733][ T9806] RSP: 002b:00007f7d6c2f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2622.755168][ T9806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2622.763134][ T9806] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2622.771109][ T9806] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2622.779139][ T9806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7d6c2f66d4 [ 2622.787107][ T9806] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2622.796595][ T9806] memory: usage 6832kB, limit 0kB, failcnt 5230 [ 2622.802921][ T9806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2622.809950][ T9806] Memory cgroup stats for /syz2: [ 2622.810249][ T9806] anon 6369280 [ 2622.810249][ T9806] file 229376 [ 2622.810249][ T9806] kernel_stack 36864 [ 2622.810249][ T9806] slab 241664 [ 2622.810249][ T9806] sock 0 [ 2622.810249][ T9806] shmem 0 [ 2622.810249][ T9806] file_mapped 0 [ 2622.810249][ T9806] file_dirty 0 [ 2622.810249][ T9806] file_writeback 0 [ 2622.810249][ T9806] anon_thp 6291456 [ 2622.810249][ T9806] inactive_anon 135168 [ 2622.810249][ T9806] active_anon 6369280 [ 2622.810249][ T9806] inactive_file 229376 [ 2622.810249][ T9806] active_file 45056 [ 2622.810249][ T9806] unevictable 0 [ 2622.810249][ T9806] slab_reclaimable 135168 [ 2622.810249][ T9806] slab_unreclaimable 106496 [ 2622.810249][ T9806] pgfault 111342 [ 2622.810249][ T9806] pgmajfault 0 [ 2622.810249][ T9806] workingset_refault 0 [ 2622.810249][ T9806] workingset_activate 0 [ 2622.810249][ T9806] workingset_nodereclaim 2178 [ 2622.810249][ T9806] pgrefill 89645 [ 2622.810249][ T9806] pgscan 726527 [ 2622.810249][ T9806] pgsteal 227088 [ 2622.904634][ T9806] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9805,uid=0 [ 2622.920452][ T9806] Memory cgroup out of memory: Killed process 9805 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 2622.940584][ T1062] oom_reaper: reaped process 9805 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:52:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:13 executing program 4: 07:52:13 executing program 0: 07:52:13 executing program 3: 07:52:13 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r10, 0x0, 0x0) 07:52:13 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) dup(r3) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(0xffffffffffffffff, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2623.046630][ T9798] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2623.069346][ T9798] CPU: 0 PID: 9798 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2623.077188][ T9798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2623.087245][ T9798] Call Trace: [ 2623.090565][ T9798] dump_stack+0xf5/0x159 [ 2623.094941][ T9798] dump_header+0xaa/0x449 [ 2623.099304][ T9798] oom_kill_process.cold+0x10/0x15 [ 2623.104474][ T9798] out_of_memory+0x231/0xa00 [ 2623.109108][ T9798] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2623.114764][ T9798] mem_cgroup_out_of_memory+0x128/0x150 [ 2623.120352][ T9798] try_charge+0xb3a/0xbc0 [ 2623.124765][ T9798] ? rcu_note_context_switch+0x700/0x760 [ 2623.130499][ T9798] mem_cgroup_try_charge+0xd2/0x260 [ 2623.135756][ T9798] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2623.141432][ T9798] wp_page_copy+0x322/0x1160 [ 2623.146076][ T9798] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2623.151738][ T9798] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2623.157403][ T9798] do_wp_page+0x192/0x11f0 [ 2623.161844][ T9798] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2623.167566][ T9798] __handle_mm_fault+0x1c07/0x2cb0 [ 2623.172753][ T9798] handle_mm_fault+0x21b/0x530 [ 2623.177550][ T9798] __do_page_fault+0x3fb/0x9e0 [ 2623.182351][ T9798] do_page_fault+0x54/0x233 [ 2623.186918][ T9798] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2623.192686][ T9798] page_fault+0x34/0x40 [ 2623.196849][ T9798] RIP: 0033:0x431016 [ 2623.200863][ T9798] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2623.220998][ T9798] RSP: 002b:00007ffe84ca7120 EFLAGS: 00010206 [ 2623.227078][ T9798] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2623.235057][ T9798] RDX: 00000000013c3930 RSI: 00000000013cb970 RDI: 0000000000000003 07:52:14 executing program 0: [ 2623.243038][ T9798] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000013c2940 [ 2623.251080][ T9798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2623.259072][ T9798] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:52:14 executing program 3: [ 2623.337624][ T25] audit: type=1804 audit(1572076334.121:226): pid=9813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2344/bus" dev="sda1" ino=16705 res=1 07:52:14 executing program 4: [ 2623.436547][ T25] audit: type=1804 audit(1572076334.121:227): pid=9813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2344/bus" dev="sda1" ino=16705 res=1 07:52:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) dup(r3) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(0xffffffffffffffff, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:14 executing program 0: [ 2623.554933][ T9798] memory: usage 368kB, limit 0kB, failcnt 5241 [ 2623.561143][ T9798] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2623.634906][ T9798] Memory cgroup stats for /syz2: [ 2623.635133][ T9798] anon 61440 [ 2623.635133][ T9798] file 229376 [ 2623.635133][ T9798] kernel_stack 36864 [ 2623.635133][ T9798] slab 241664 [ 2623.635133][ T9798] sock 0 [ 2623.635133][ T9798] shmem 0 [ 2623.635133][ T9798] file_mapped 0 [ 2623.635133][ T9798] file_dirty 0 [ 2623.635133][ T9798] file_writeback 0 [ 2623.635133][ T9798] anon_thp 0 [ 2623.635133][ T9798] inactive_anon 135168 [ 2623.635133][ T9798] active_anon 61440 [ 2623.635133][ T9798] inactive_file 229376 [ 2623.635133][ T9798] active_file 45056 [ 2623.635133][ T9798] unevictable 0 [ 2623.635133][ T9798] slab_reclaimable 135168 [ 2623.635133][ T9798] slab_unreclaimable 106496 [ 2623.635133][ T9798] pgfault 111342 [ 2623.635133][ T9798] pgmajfault 0 [ 2623.635133][ T9798] workingset_refault 0 [ 2623.635133][ T9798] workingset_activate 0 [ 2623.635133][ T9798] workingset_nodereclaim 2211 [ 2623.635133][ T9798] pgrefill 89645 [ 2623.635133][ T9798] pgscan 726527 [ 2623.635133][ T9798] pgsteal 227088 [ 2623.710682][ T25] audit: type=1804 audit(1572076334.421:228): pid=9821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2345/bus" dev="sda1" ino=16705 res=1 07:52:14 executing program 0: [ 2623.876763][ T25] audit: type=1804 audit(1572076334.551:229): pid=9823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2345/bus" dev="sda1" ino=16705 res=1 [ 2623.908732][ T9798] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9798,uid=0 [ 2623.928497][ T9798] Memory cgroup out of memory: Killed process 9798 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2624.025879][ T1062] oom_reaper: reaped process 9798 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:52:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:15 executing program 3: 07:52:15 executing program 4: 07:52:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) dup(r3) r4 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(0xffffffffffffffff, r4, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2624.629586][ T25] audit: type=1804 audit(1572076335.401:230): pid=9831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2346/bus" dev="sda1" ino=16785 res=1 [ 2624.686987][ T25] audit: type=1804 audit(1572076335.401:231): pid=9831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2346/bus" dev="sda1" ino=16785 res=1 [ 2624.926318][ T8681] device bridge_slave_1 left promiscuous mode [ 2624.932605][ T8681] bridge0: port 2(bridge_slave_1) entered disabled state [ 2624.965718][ T8681] device bridge_slave_0 left promiscuous mode [ 2624.971988][ T8681] bridge0: port 1(bridge_slave_0) entered disabled state [ 2625.855131][ T8681] device hsr_slave_0 left promiscuous mode [ 2625.894989][ T8681] device hsr_slave_1 left promiscuous mode [ 2625.943618][ T8681] team0 (unregistering): Port device team_slave_1 removed [ 2625.954478][ T8681] team0 (unregistering): Port device team_slave_0 removed [ 2625.965185][ T8681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2626.008843][ T8681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2626.090630][ T8681] bond0 (unregistering): Released all slaves [ 2626.192557][ T9836] IPVS: ftp: loaded support on port[0] = 21 [ 2626.256057][ T9836] chnl_net:caif_netlink_parms(): no params data found [ 2626.339401][ T9836] bridge0: port 1(bridge_slave_0) entered blocking state [ 2626.346630][ T9836] bridge0: port 1(bridge_slave_0) entered disabled state [ 2626.354668][ T9836] device bridge_slave_0 entered promiscuous mode [ 2626.367606][ T9836] bridge0: port 2(bridge_slave_1) entered blocking state [ 2626.374714][ T9836] bridge0: port 2(bridge_slave_1) entered disabled state [ 2626.387663][ T9836] device bridge_slave_1 entered promiscuous mode [ 2626.417720][ T9836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2626.431298][ T9836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2626.462407][ T9836] team0: Port device team_slave_0 added [ 2626.471610][ T9836] team0: Port device team_slave_1 added [ 2626.550163][ T9836] device hsr_slave_0 entered promiscuous mode [ 2626.607571][ T9836] device hsr_slave_1 entered promiscuous mode [ 2626.647022][ T9836] debugfs: Directory 'hsr0' with parent '/' already present! [ 2626.668498][ T9836] bridge0: port 2(bridge_slave_1) entered blocking state [ 2626.675605][ T9836] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2626.682916][ T9836] bridge0: port 1(bridge_slave_0) entered blocking state [ 2626.690001][ T9836] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2626.742955][ T9836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2626.761428][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2626.770253][ T5583] bridge0: port 1(bridge_slave_0) entered disabled state [ 2626.783885][ T5583] bridge0: port 2(bridge_slave_1) entered disabled state [ 2626.804648][ T9836] 8021q: adding VLAN 0 to HW filter on device team0 [ 2626.821693][ T5583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2626.830741][ T5583] bridge0: port 1(bridge_slave_0) entered blocking state [ 2626.837815][ T5583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2626.869734][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2626.878681][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2626.885743][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2626.896456][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2626.905486][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2626.914156][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2626.922894][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2626.934290][ T9836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2626.945622][ T9836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2626.953553][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2626.971405][ T9836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2627.313996][ T9844] syz-executor.1 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2627.331070][ T9844] CPU: 1 PID: 9844 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2627.338877][ T9844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2627.348914][ T9844] Call Trace: [ 2627.352197][ T9844] dump_stack+0xf5/0x159 [ 2627.356487][ T9844] dump_header+0xaa/0x449 [ 2627.360919][ T9844] oom_kill_process.cold+0x10/0x15 [ 2627.366078][ T9844] out_of_memory+0x231/0xa00 [ 2627.370699][ T9844] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2627.376350][ T9844] mem_cgroup_out_of_memory+0x128/0x150 [ 2627.381972][ T9844] try_charge+0xb3a/0xbc0 [ 2627.386326][ T9844] ? rcu_note_context_switch+0x700/0x760 [ 2627.391978][ T9844] mem_cgroup_try_charge+0xd2/0x260 [ 2627.397169][ T9844] __add_to_page_cache_locked+0x163/0x780 [ 2627.402999][ T9844] ? __read_once_size.constprop.0+0x20/0x20 [ 2627.408895][ T9844] add_to_page_cache_lru+0xe2/0x2d0 [ 2627.414088][ T9844] pagecache_get_page+0x2ab/0x760 [ 2627.419105][ T9844] grab_cache_page_write_begin+0x5d/0x90 [ 2627.424775][ T9844] ext4_da_write_begin+0x175/0x7e0 [ 2627.429890][ T9844] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2627.435551][ T9844] generic_perform_write+0x136/0x320 [ 2627.440959][ T9844] __generic_file_write_iter+0x251/0x380 [ 2627.446680][ T9844] ext4_file_write_iter+0x1bd/0xa00 [ 2627.451955][ T9844] new_sync_write+0x388/0x4a0 [ 2627.456740][ T9844] __vfs_write+0xb1/0xc0 [ 2627.461016][ T9844] vfs_write+0x18a/0x390 [ 2627.465277][ T9844] ksys_write+0xd5/0x1b0 [ 2627.469595][ T9844] __x64_sys_write+0x4c/0x60 [ 2627.474238][ T9844] do_syscall_64+0xcc/0x370 [ 2627.478791][ T9844] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2627.484668][ T9844] RIP: 0033:0x459f39 [ 2627.488611][ T9844] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2627.508297][ T9844] RSP: 002b:00007f723942ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2627.516747][ T9844] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2627.524735][ T9844] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2627.532690][ T9844] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2627.540677][ T9844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f723942b6d4 [ 2627.548634][ T9844] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2627.557979][ T9844] memory: usage 4720kB, limit 0kB, failcnt 5674 [ 2627.564362][ T9844] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2627.571571][ T9844] Memory cgroup stats for /syz1: [ 2627.571802][ T9844] anon 4362240 [ 2627.571802][ T9844] file 90112 [ 2627.571802][ T9844] kernel_stack 36864 [ 2627.571802][ T9844] slab 319488 [ 2627.571802][ T9844] sock 0 [ 2627.571802][ T9844] shmem 0 [ 2627.571802][ T9844] file_mapped 0 [ 2627.571802][ T9844] file_dirty 0 [ 2627.571802][ T9844] file_writeback 0 [ 2627.571802][ T9844] anon_thp 4194304 [ 2627.571802][ T9844] inactive_anon 0 [ 2627.571802][ T9844] active_anon 4362240 [ 2627.571802][ T9844] inactive_file 16384 [ 2627.571802][ T9844] active_file 0 [ 2627.571802][ T9844] unevictable 0 [ 2627.571802][ T9844] slab_reclaimable 135168 [ 2627.571802][ T9844] slab_unreclaimable 184320 [ 2627.571802][ T9844] pgfault 102201 [ 2627.571802][ T9844] pgmajfault 0 [ 2627.571802][ T9844] workingset_refault 0 [ 2627.571802][ T9844] workingset_activate 0 [ 2627.571802][ T9844] workingset_nodereclaim 1749 [ 2627.571802][ T9844] pgrefill 58530 [ 2627.571802][ T9844] pgscan 597935 [ 2627.571802][ T9844] pgsteal 206358 [ 2627.667190][ T9844] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9842,uid=0 [ 2627.685219][ T9844] Memory cgroup out of memory: Killed process 9842 (syz-executor.1) total-vm:72720kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2627.706434][ T1062] oom_reaper: reaped process 9842 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:52:18 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r10, 0x0, 0x0) 07:52:18 executing program 0: 07:52:18 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:18 executing program 3: 07:52:18 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r4, 0xffffffffffffffff, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:18 executing program 4: [ 2627.803847][ T9836] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 2627.861658][ T9836] CPU: 0 PID: 9836 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2627.869496][ T9836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2627.879551][ T9836] Call Trace: [ 2627.882868][ T9836] dump_stack+0xf5/0x159 [ 2627.887132][ T9836] dump_header+0xaa/0x449 [ 2627.891617][ T9836] oom_kill_process.cold+0x10/0x15 [ 2627.896861][ T9836] out_of_memory+0x231/0xa00 [ 2627.901485][ T9836] mem_cgroup_out_of_memory+0x128/0x150 [ 2627.907060][ T9836] try_charge+0xb3a/0xbc0 [ 2627.911414][ T9836] ? __tsan_read4+0x2c/0x30 [ 2627.915934][ T9836] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 2627.921419][ T9836] cache_grow_begin+0x3ed/0x670 [ 2627.926298][ T9836] fallback_alloc+0x161/0x1f0 [ 2627.931009][ T9836] ____cache_alloc_node+0x1b1/0x1c0 [ 2627.936241][ T9836] ? debug_smp_processor_id+0x4c/0x172 [ 2627.941727][ T9836] kmem_cache_alloc+0x179/0x5d0 [ 2627.946605][ T9836] __alloc_file+0x4d/0x210 [ 2627.947521][ T25] audit: type=1804 audit(1572076338.641:232): pid=9851 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2347/bus" dev="sda1" ino=16689 res=1 [ 2627.951039][ T9836] alloc_empty_file+0x8f/0x180 [ 2627.951086][ T9836] path_openat+0x74/0x36e0 [ 2627.984814][ T9836] ? ___cache_free+0x2e/0x320 [ 2627.989512][ T9836] ? path_mountpoint+0x2eb/0xd70 [ 2627.994463][ T9836] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2628.000114][ T9836] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2628.005779][ T9836] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2628.011691][ T9836] do_filp_open+0x11e/0x1b0 [ 2628.016214][ T9836] ? __tsan_read8+0x2c/0x30 [ 2628.020737][ T9836] ? __alloc_fd+0x316/0x4c0 [ 2628.025272][ T9836] do_sys_open+0x3b3/0x4f0 [ 2628.029707][ T9836] __x64_sys_open+0x55/0x70 [ 2628.034241][ T9836] do_syscall_64+0xcc/0x370 [ 2628.038768][ T9836] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2628.044671][ T9836] RIP: 0033:0x457eb0 07:52:18 executing program 0: [ 2628.048583][ T9836] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 2628.050206][ T25] audit: type=1804 audit(1572076338.641:233): pid=9851 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2347/bus" dev="sda1" ino=16689 res=1 [ 2628.068194][ T9836] RSP: 002b:00007fffff6c0340 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 2628.068219][ T9836] RAX: ffffffffffffffda RBX: 000000000028167e RCX: 0000000000457eb0 [ 2628.068234][ T9836] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007fffff6c1520 [ 2628.068281][ T9836] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000012cf940 [ 2628.124517][ T9836] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fffff6c1520 [ 2628.132502][ T9836] R13: 00007fffff6c1510 R14: 0000000000000000 R15: 00007fffff6c1520 07:52:19 executing program 4: 07:52:19 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r4, 0xffffffffffffffff, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:19 executing program 3: 07:52:19 executing program 0: [ 2628.366735][ T25] audit: type=1804 audit(1572076339.151:234): pid=9855 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2348/bus" dev="sda1" ino=16563 res=1 [ 2628.501093][ T25] audit: type=1804 audit(1572076339.151:235): pid=9855 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2348/bus" dev="sda1" ino=16563 res=1 [ 2628.539995][ T9836] memory: usage 336kB, limit 0kB, failcnt 5689 [ 2628.547390][ T9836] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2628.583937][ T9836] Memory cgroup stats for /syz1: [ 2628.584136][ T9836] anon 90112 [ 2628.584136][ T9836] file 90112 [ 2628.584136][ T9836] kernel_stack 36864 [ 2628.584136][ T9836] slab 319488 [ 2628.584136][ T9836] sock 0 [ 2628.584136][ T9836] shmem 0 [ 2628.584136][ T9836] file_mapped 0 [ 2628.584136][ T9836] file_dirty 0 [ 2628.584136][ T9836] file_writeback 0 [ 2628.584136][ T9836] anon_thp 0 [ 2628.584136][ T9836] inactive_anon 0 [ 2628.584136][ T9836] active_anon 90112 [ 2628.584136][ T9836] inactive_file 16384 07:52:19 executing program 3: [ 2628.584136][ T9836] active_file 0 [ 2628.584136][ T9836] unevictable 0 [ 2628.584136][ T9836] slab_reclaimable 135168 [ 2628.584136][ T9836] slab_unreclaimable 184320 [ 2628.584136][ T9836] pgfault 102201 [ 2628.584136][ T9836] pgmajfault 0 [ 2628.584136][ T9836] workingset_refault 0 [ 2628.584136][ T9836] workingset_activate 0 [ 2628.584136][ T9836] workingset_nodereclaim 1749 [ 2628.584136][ T9836] pgrefill 58530 [ 2628.584136][ T9836] pgscan 597935 [ 2628.584136][ T9836] pgsteal 206358 [ 2628.584136][ T9836] pgactivate 150216 [ 2628.680831][ T9836] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9836,uid=0 [ 2628.715032][ T9836] Memory cgroup out of memory: Killed process 9836 (syz-executor.1) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2628.736293][ T1062] oom_reaper: reaped process 9836 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:52:20 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280), 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:20 executing program 4: [ 2629.675686][ T8681] device bridge_slave_1 left promiscuous mode [ 2629.681934][ T8681] bridge0: port 2(bridge_slave_1) entered disabled state [ 2629.725616][ T8681] device bridge_slave_0 left promiscuous mode [ 2629.731840][ T8681] bridge0: port 1(bridge_slave_0) entered disabled state [ 2630.585327][ T8681] device hsr_slave_0 left promiscuous mode [ 2630.625038][ T8681] device hsr_slave_1 left promiscuous mode [ 2630.693185][ T8681] team0 (unregistering): Port device team_slave_1 removed [ 2630.703863][ T8681] team0 (unregistering): Port device team_slave_0 removed [ 2630.714445][ T8681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2630.758799][ T8681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2630.821695][ T8681] bond0 (unregistering): Released all slaves [ 2630.924134][ T9869] IPVS: ftp: loaded support on port[0] = 21 [ 2630.988698][ T9869] chnl_net:caif_netlink_parms(): no params data found [ 2631.021819][ T9869] bridge0: port 1(bridge_slave_0) entered blocking state [ 2631.028955][ T9869] bridge0: port 1(bridge_slave_0) entered disabled state [ 2631.037077][ T9869] device bridge_slave_0 entered promiscuous mode [ 2631.044517][ T9869] bridge0: port 2(bridge_slave_1) entered blocking state [ 2631.051707][ T9869] bridge0: port 2(bridge_slave_1) entered disabled state [ 2631.059800][ T9869] device bridge_slave_1 entered promiscuous mode [ 2631.141882][ T9869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2631.153335][ T9869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2631.184220][ T9869] team0: Port device team_slave_0 added [ 2631.193547][ T9869] team0: Port device team_slave_1 added [ 2631.270418][ T9869] device hsr_slave_0 entered promiscuous mode [ 2631.335285][ T9869] device hsr_slave_1 entered promiscuous mode [ 2631.404972][ T9869] debugfs: Directory 'hsr0' with parent '/' already present! [ 2631.426300][ T9869] bridge0: port 2(bridge_slave_1) entered blocking state [ 2631.433362][ T9869] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2631.440809][ T9869] bridge0: port 1(bridge_slave_0) entered blocking state [ 2631.447885][ T9869] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2631.502942][ T9869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2631.521593][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2631.530415][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 2631.543567][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 2631.563891][ T9869] 8021q: adding VLAN 0 to HW filter on device team0 [ 2631.576081][ T6155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2631.584495][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 2631.591551][ T6155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2631.619354][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2631.628133][ T5750] bridge0: port 2(bridge_slave_1) entered blocking state [ 2631.635197][ T5750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2631.646680][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2631.666022][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2631.674598][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2631.684119][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2631.692915][ T5750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2631.702417][ T9869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2631.740204][ T9869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2632.119950][ T9877] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 2632.132637][ T9877] CPU: 0 PID: 9877 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2632.140489][ T9877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2632.150573][ T9877] Call Trace: [ 2632.153902][ T9877] dump_stack+0xf5/0x159 [ 2632.158220][ T9877] dump_header+0xaa/0x449 [ 2632.162573][ T9877] oom_kill_process.cold+0x10/0x15 [ 2632.167776][ T9877] out_of_memory+0x231/0xa00 [ 2632.172403][ T9877] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2632.178063][ T9877] mem_cgroup_out_of_memory+0x128/0x150 [ 2632.183630][ T9877] try_charge+0xb3a/0xbc0 [ 2632.188001][ T9877] ? rcu_note_context_switch+0x700/0x760 [ 2632.193649][ T9877] mem_cgroup_try_charge+0xd2/0x260 [ 2632.198871][ T9877] __add_to_page_cache_locked+0x163/0x780 [ 2632.204648][ T9877] ? __read_once_size.constprop.0+0x20/0x20 [ 2632.210558][ T9877] add_to_page_cache_lru+0xe2/0x2d0 [ 2632.215842][ T9877] pagecache_get_page+0x2ab/0x760 [ 2632.221027][ T9877] grab_cache_page_write_begin+0x5d/0x90 [ 2632.226669][ T9877] ext4_da_write_begin+0x175/0x7e0 [ 2632.231813][ T9877] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2632.237496][ T9877] generic_perform_write+0x136/0x320 [ 2632.242839][ T9877] __generic_file_write_iter+0x251/0x380 [ 2632.248502][ T9877] ext4_file_write_iter+0x1bd/0xa00 [ 2632.253727][ T9877] new_sync_write+0x388/0x4a0 [ 2632.258432][ T9877] __vfs_write+0xb1/0xc0 [ 2632.262685][ T9877] vfs_write+0x18a/0x390 [ 2632.266984][ T9877] ksys_write+0xd5/0x1b0 [ 2632.271241][ T9877] __x64_sys_write+0x4c/0x60 [ 2632.275876][ T9877] do_syscall_64+0xcc/0x370 [ 2632.280439][ T9877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2632.286329][ T9877] RIP: 0033:0x459f39 [ 2632.290248][ T9877] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2632.309929][ T9877] RSP: 002b:00007f93de0d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2632.318365][ T9877] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2632.326337][ T9877] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2632.334307][ T9877] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2632.342281][ T9877] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f93de0d46d4 [ 2632.350256][ T9877] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2632.361589][ T9877] memory: usage 6868kB, limit 0kB, failcnt 5272 [ 2632.367965][ T9877] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2632.375360][ T9877] Memory cgroup stats for /syz2: [ 2632.375601][ T9877] anon 6369280 [ 2632.375601][ T9877] file 73728 [ 2632.375601][ T9877] kernel_stack 36864 [ 2632.375601][ T9877] slab 241664 [ 2632.375601][ T9877] sock 0 [ 2632.375601][ T9877] shmem 0 [ 2632.375601][ T9877] file_mapped 0 [ 2632.375601][ T9877] file_dirty 135168 [ 2632.375601][ T9877] file_writeback 0 [ 2632.375601][ T9877] anon_thp 6291456 [ 2632.375601][ T9877] inactive_anon 135168 [ 2632.375601][ T9877] active_anon 6369280 [ 2632.375601][ T9877] inactive_file 73728 [ 2632.375601][ T9877] active_file 45056 [ 2632.375601][ T9877] unevictable 0 [ 2632.375601][ T9877] slab_reclaimable 135168 [ 2632.375601][ T9877] slab_unreclaimable 106496 [ 2632.375601][ T9877] pgfault 111441 [ 2632.375601][ T9877] pgmajfault 0 [ 2632.375601][ T9877] workingset_refault 0 [ 2632.375601][ T9877] workingset_activate 0 [ 2632.375601][ T9877] workingset_nodereclaim 2211 [ 2632.375601][ T9877] pgrefill 90352 [ 2632.375601][ T9877] pgscan 730372 [ 2632.375601][ T9877] pgsteal 229142 [ 2632.469940][ T9877] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9875,uid=0 [ 2632.485505][ T9877] Memory cgroup out of memory: Killed process 9875 (syz-executor.2) total-vm:72852kB, anon-rss:6240kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2632.505992][ T1062] oom_reaper: reaped process 9875 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 07:52:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0x100000001, 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:23 executing program 3: 07:52:23 executing program 0: 07:52:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x200004) sendfile(r4, 0xffffffffffffffff, 0x0, 0x8000fffffffe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:52:23 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280), 0x12) write$cgroup_int(r10, 0x0, 0x0) 07:52:23 executing program 4: [ 2632.622108][ T9869] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2632.658417][ T9869] CPU: 1 PID: 9869 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 [ 2632.666316][ T9869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2632.676485][ T9869] Call Trace: [ 2632.679875][ T9869] dump_stack+0xf5/0x159 [ 2632.684197][ T9869] dump_header+0xaa/0x449 [ 2632.688559][ T9869] oom_kill_process.cold+0x10/0x15 [ 2632.693701][ T9869] out_of_memory+0x231/0xa00 [ 2632.698358][ T9869] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2632.704082][ T9869] mem_cgroup_out_of_memory+0x128/0x150 [ 2632.706216][ T25] audit: type=1804 audit(1572076343.441:236): pid=9885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2349/bus" dev="sda1" ino=16706 res=1 [ 2632.709664][ T9869] try_charge+0xb3a/0xbc0 [ 2632.738446][ T9869] ? rcu_note_context_switch+0x700/0x760 [ 2632.744166][ T9869] mem_cgroup_try_charge+0xd2/0x260 [ 2632.749387][ T9869] mem_cgroup_try_charge_delay+0x3a/0x80 [ 2632.755109][ T9869] wp_page_copy+0x322/0x1160 [ 2632.759799][ T9869] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2632.765449][ T9869] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2632.771203][ T9869] do_wp_page+0x192/0x11f0 [ 2632.775700][ T9869] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2632.781372][ T9869] __handle_mm_fault+0x1c07/0x2cb0 [ 2632.784028][ T25] audit: type=1804 audit(1572076343.441:237): pid=9885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2349/bus" dev="sda1" ino=16706 res=1 [ 2632.786561][ T9869] handle_mm_fault+0x21b/0x530 [ 2632.786607][ T9869] __do_page_fault+0x3fb/0x9e0 [ 2632.820090][ T9869] do_page_fault+0x54/0x233 [ 2632.824670][ T9869] ? prepare_exit_to_usermode+0x154/0x1a0 [ 2632.830406][ T9869] page_fault+0x34/0x40 [ 2632.834580][ T9869] RIP: 0033:0x431016 [ 2632.838688][ T9869] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 cc 5c 64 00 85 c0 0f 84 [ 2632.858431][ T9869] RSP: 002b:00007ffec8ab8310 EFLAGS: 00010206 [ 2632.864506][ T9869] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2632.872486][ T9869] RDX: 0000000001f87930 RSI: 0000000001f8f970 RDI: 0000000000000003 [ 2632.880468][ T9869] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001f86940 [ 2632.888520][ T9869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2632.896522][ T9869] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 07:52:23 executing program 4: 07:52:23 executing program 3: 07:52:23 executing program 0: 07:52:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2633.079630][ T9869] memory: usage 412kB, limit 0kB, failcnt 5291 [ 2633.095101][ T9869] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2633.245077][ T9869] Memory cgroup stats for /syz2: [ 2633.245407][ T9869] anon 61440 [ 2633.245407][ T9869] file 73728 [ 2633.245407][ T9869] kernel_stack 0 [ 2633.245407][ T9869] slab 241664 [ 2633.245407][ T9869] sock 0 [ 2633.245407][ T9869] shmem 0 [ 2633.245407][ T9869] file_mapped 0 [ 2633.245407][ T9869] file_dirty 135168 [ 2633.245407][ T9869] file_writeback 0 [ 2633.245407][ T9869] anon_thp 0 [ 2633.245407][ T9869] inactive_anon 135168 [ 2633.245407][ T9869] active_anon 61440 [ 2633.245407][ T9869] inactive_file 73728 07:52:24 executing program 0: [ 2633.245407][ T9869] active_file 45056 [ 2633.245407][ T9869] unevictable 0 [ 2633.245407][ T9869] slab_reclaimable 135168 [ 2633.245407][ T9869] slab_unreclaimable 106496 [ 2633.245407][ T9869] pgfault 111441 [ 2633.245407][ T9869] pgmajfault 0 [ 2633.245407][ T9869] workingset_refault 0 [ 2633.245407][ T9869] workingset_activate 0 [ 2633.245407][ T9869] workingset_nodereclaim 2244 [ 2633.245407][ T9869] pgrefill 90352 [ 2633.245407][ T9869] pgscan 730372 [ 2633.245407][ T9869] pgsteal 229142 07:52:24 executing program 4: [ 2633.407483][ T25] audit: type=1804 audit(1572076344.191:238): pid=9893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2350/bus" dev="sda1" ino=16561 res=1 [ 2633.477580][ T25] audit: type=1804 audit(1572076344.221:239): pid=9893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2350/bus" dev="sda1" ino=16561 res=1 [ 2633.709932][ T9869] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9869,uid=0 [ 2633.762959][ T9869] Memory cgroup out of memory: Killed process 9869 (syz-executor.2) total-vm:72456kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2633.826650][ T1062] oom_reaper: reaped process 9869 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 07:52:24 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0xffffff43) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000010003fcff000a0000000000000b030000000f0000000000000c0500001c060000000000000921000700000000006100e867b7df91f4434a3e5c1ba29a99660b2ff7c30c041601763ce19132e9748de4557aa6ed13016ecc2233945b001c7861be574aa7757380f3b6b85cd703f6cc213bfe849b94edf197496d2a01c00899986c6384a1c264908571b547f0274ea5e954f86fd9199494450c358c2cbbe5bb91e9027876c0d8ffab382fb7508e70371de73e2b3b74578649d0560088ffd1a37b9b"], &(0x7f0000000600)=""/181, 0xd3, 0xb5}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffff9c, 0xc0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x7, 0x1}, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x9, 0x2}, &(0x7f0000000580)=0x6, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000600)='vmnet0vboxnet0\x00'}, 0x30) r6 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000400)='cpu<-&&!\n\x00\x01\x00\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7\"\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000640)='nr0\x01:\xf2%\xa3\'>\xf8%\x81$?\xfa\x02\x00\xcd\x01\x7f\x02\x00\x00\x00\n\xf4D3A}\xe4\xac\xff\x82q\xc7J\xe2J?\x00\x8b\x9c[\xdd\x06\xa4\nl\x97\xe1b\x00\xa1Z\xd0\xb5w\r\xe4\x84\xe6\xa5=\xf4\xcb\xb9\x05\xd4\xab\xaf\xe4q\ro*u\x97j\xe3\xfa\xf9\xc8\xef9I\xe9\xd44\x05L\x8e\x1e]yYp\x9c\x8c\xcf5\xaeD\xf9\x8dN]qH\r\xb4\x99\xab\t\x9c\'-h\x949\x0fR\x87Z\xaa\xdc\xd0\x93~ F\xb0\xce+M\xd8\x15\xaf\x9e{\x82\xecV\"\xd1;\bw\xdf\xc4\xb5\x1f\'\x1c\xe6cUz\xf7{\xd0B$\xd2W\x96_\xcdH2t\xd2*?\xfa`\xbb\x0e{q\x8d$\xbc\xd7\xaaM\x8f\x8d\xe9\xeb\xd7\x82R\vA') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d40)={r8, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=0x9, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x0, 0x5}, 0x0, 0x0, &(0x7f0000000bc0)={0x0, 0x0, 0x7, 0x7ff}, &(0x7f0000000c00)=0x5, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xfffffffffffffd88) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000d80)={r9}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r7, 0x0, 0x16, &(0x7f0000000280)='bdevtrustedem0cgroup!\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r5, r6, 0x0, 0xe, &(0x7f0000000000)='memory.events\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r5, r1, 0x0, 0x2, &(0x7f0000000340)='[\x00', r3}, 0x30) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r4, 0x4) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) r10 = openat$cgroup_int(r2, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec={0x0, 0x1801}, 0x80, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r11 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000440)='syz0\x00', 0x200002, 0x0) perf_event_open$cgroup(&(0x7f00000014c0)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x51f1c3207f3e47f3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10000, 0x7f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x7f, 0x4, 0x7, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @perf_bp={&(0x7f0000000400), 0xc}, 0x24800, 0x5, 0x9, 0x0, 0x0, 0x64}, r11, 0xd, 0xffffffffffffffff, 0xd) openat$cgroup_int(r11, &(0x7f0000000300)='cpu.weight.nice\x00', 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000003c0)) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000002c0), 0x4) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r10, 0x0, 0x0) 07:52:24 executing program 3: 07:52:24 executing program 4: 07:52:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r3 = socket(0x2, 0x803, 0xff) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) r4 = dup(r3) r5 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x200004) sendfile(r4, r5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2634.121062][ T25] audit: type=1804 audit(1572076344.901:240): pid=9901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2351/bus" dev="sda1" ino=16579 res=1 [ 2634.171688][ T25] audit: type=1804 audit(1572076344.941:241): pid=9901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir548026192/syzkaller.H7pVOp/2351/bus" dev="sda1" ino=16579 res=1 [ 2634.455595][ T8681] device bridge_slave_1 left promiscuous mode [ 2634.461804][ T8681] bridge0: port 2(bridge_slave_1) entered disabled state [ 2634.515747][ T8681] device bridge_slave_0 left promiscuous mode [ 2634.522027][ T8681] bridge0: port 1(bridge_slave_0) entered disabled state [ 2635.375350][ T8681] device hsr_slave_0 left promiscuous mode [ 2635.425018][ T8681] device hsr_slave_1 left promiscuous mode [ 2635.493602][ T8681] team0 (unregistering): Port device team_slave_1 removed [ 2635.504402][ T8681] team0 (unregistering): Port device team_slave_0 removed [ 2635.515118][ T8681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2635.549953][ T8681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2635.611356][ T8681] bond0 (unregistering): Released all slaves [ 2635.693593][ T9908] IPVS: ftp: loaded support on port[0] = 21 [ 2635.757469][ T9908] chnl_net:caif_netlink_parms(): no params data found [ 2635.788268][ T9908] bridge0: port 1(bridge_slave_0) entered blocking state [ 2635.795451][ T9908] bridge0: port 1(bridge_slave_0) entered disabled state [ 2635.803157][ T9908] device bridge_slave_0 entered promiscuous mode [ 2635.810830][ T9908] bridge0: port 2(bridge_slave_1) entered blocking state [ 2635.818032][ T9908] bridge0: port 2(bridge_slave_1) entered disabled state [ 2635.826301][ T9908] device bridge_slave_1 entered promiscuous mode [ 2635.920504][ T9908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2635.931682][ T9908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2635.955494][ T9908] team0: Port device team_slave_0 added [ 2635.962662][ T9908] team0: Port device team_slave_1 added [ 2636.032787][ T9908] device hsr_slave_0 entered promiscuous mode [ 2636.085651][ T9908] device hsr_slave_1 entered promiscuous mode [ 2636.139177][ T9908] debugfs: Directory 'hsr0' with parent '/' already present! [ 2636.159974][ T9908] bridge0: port 2(bridge_slave_1) entered blocking state [ 2636.167065][ T9908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2636.174409][ T9908] bridge0: port 1(bridge_slave_0) entered blocking state [ 2636.181473][ T9908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2636.235297][ T9908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2636.254310][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2636.263267][T32140] bridge0: port 1(bridge_slave_0) entered disabled state [ 2636.277076][T32140] bridge0: port 2(bridge_slave_1) entered disabled state [ 2636.296400][ T9908] 8021q: adding VLAN 0 to HW filter on device team0 [ 2636.314617][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2636.323478][T32140] bridge0: port 1(bridge_slave_0) entered blocking state [ 2636.330552][T32140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2636.359506][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2636.368570][T26241] bridge0: port 2(bridge_slave_1) entered blocking state [ 2636.375640][T26241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2636.386191][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2636.396753][T26241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2636.412114][ T9908] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2636.422816][ T9908] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2636.436879][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2636.446024][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2636.454806][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2636.475818][T32140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2636.486047][ T9908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2636.836389][ T9915] ================================================================== [ 2636.844527][ T9915] BUG: KCSAN: data-race in list_lru_add / list_lru_count_one [ 2636.851876][ T9915] [ 2636.854204][ T9915] write to 0xffff8880ab63d6f0 of 8 bytes by task 9917 on cpu 0: [ 2636.861827][ T9915] list_lru_add+0x20e/0x450 [ 2636.866237][ T9917] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2636.866327][ T9915] workingset_update_node+0x115/0x130 [ 2636.866342][ T9915] xas_store+0x211/0xd60 [ 2636.866357][ T9915] __delete_from_page_cache+0x174/0x4a0 [ 2636.866369][ T9915] __remove_mapping+0x2ba/0x630 [ 2636.866394][ T9915] shrink_page_list+0xf43/0x26f0 [ 2636.876697][ T9917] CPU: 0 PID: 9917 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2636.881901][ T9915] shrink_inactive_list+0x3d1/0x920 [ 2636.886116][ T9917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2636.891639][ T9915] shrink_node_memcg+0x55c/0xf80 [ 2636.896460][ T9917] Call Trace: [ 2636.901381][ T9915] shrink_node+0x164/0xb30 [ 2636.909207][ T9917] dump_stack+0xf5/0x159 [ 2636.914377][ T9915] do_try_to_free_pages+0x242/0x940 [ 2636.924422][ T9917] dump_header+0xaa/0x449 [ 2636.929327][ T9915] try_to_free_mem_cgroup_pages+0x1fd/0x4c0 [ 2636.932605][ T9917] oom_kill_process.cold+0x10/0x15 [ 2636.936990][ T9915] memory_max_write+0x1ac/0x250 [ 2636.941219][ T9917] out_of_memory+0x231/0xa00 [ 2636.946384][ T9915] cgroup_file_write+0x119/0x320 [ 2636.950709][ T9917] mem_cgroup_out_of_memory+0x128/0x150 [ 2636.956562][ T9915] kernfs_fop_write+0x1f4/0x2e0 [ 2636.961676][ T9917] memory_max_write+0x17b/0x250 [ 2636.966489][ T9915] [ 2636.971093][ T9917] cgroup_file_write+0x119/0x320 [ 2636.975999][ T9915] read to 0xffff8880ab63d6f0 of 8 bytes by task 9915 on cpu 1: [ 2636.981545][ T9917] ? high_work_func+0x30/0x30 [ 2636.986372][ T9915] list_lru_count_one+0xbd/0x130 [ 2636.991228][ T9917] kernfs_fop_write+0x1f4/0x2e0 [ 2636.993526][ T9915] count_shadow_nodes+0x51/0x4a0 [ 2636.998452][ T9917] ? cgroup_css.part.0+0x90/0x90 [ 2637.005963][ T9915] do_shrink_slab+0xb7/0x5a0 [ 2637.010624][ T9917] __vfs_write+0x67/0xc0 [ 2637.015531][ T9915] shrink_slab+0x46e/0x540 [ 2637.020371][ T9917] ? kernfs_seq_show+0xe0/0xe0 [ 2637.025270][ T9915] shrink_node+0x1ad/0xb30 [ 2637.030189][ T9917] vfs_write+0x18a/0x390 [ 2637.034750][ T9915] do_try_to_free_pages+0x242/0x940 [ 2637.038976][ T9917] ksys_write+0xd5/0x1b0 [ 2637.043368][ T9915] try_to_free_mem_cgroup_pages+0x1fd/0x4c0 [ 2637.048118][ T9917] __x64_sys_write+0x4c/0x60 [ 2637.052503][ T9915] try_charge+0x4d1/0xbc0 [ 2637.056744][ T9917] do_syscall_64+0xcc/0x370 [ 2637.061908][ T9915] mem_cgroup_try_charge+0xd2/0x260 [ 2637.066139][ T9917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2637.071997][ T9915] __add_to_page_cache_locked+0x163/0x780 [ 2637.076575][ T9917] RIP: 0033:0x459f39 [ 2637.080881][ T9915] add_to_page_cache_lru+0xe2/0x2d0 [ 2637.085381][ T9917] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2637.090537][ T9915] pagecache_get_page+0x2ab/0x760 [ 2637.096401][ T9917] RSP: 002b:00007f9d69ef2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2637.102101][ T9915] grab_cache_page_write_begin+0x5d/0x90 [ 2637.105973][ T9917] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2637.111143][ T9915] [ 2637.131700][ T9917] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2637.136700][ T9915] Reported by Kernel Concurrency Sanitizer on: [ 2637.145096][ T9917] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2637.150709][ T9915] CPU: 1 PID: 9915 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2637.158663][ T9917] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d69ef36d4 [ 2637.160979][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2637.168944][ T9917] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2637.175072][ T9915] ================================================================== [ 2637.187116][ T9917] memory: usage 4728kB, limit 0kB, failcnt 5707 [ 2637.190808][ T9915] Kernel panic - not syncing: panic_on_warn set ... [ 2637.190826][ T9915] CPU: 1 PID: 9915 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 [ 2637.190835][ T9915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2637.190839][ T9915] Call Trace: [ 2637.190865][ T9915] dump_stack+0xf5/0x159 [ 2637.190884][ T9915] panic+0x210/0x640 [ 2637.190902][ T9915] ? mem_cgroup_try_charge+0xd2/0x260 [ 2637.190931][ T9915] ? vprintk_func+0x8d/0x140 [ 2637.199057][ T9917] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2637.208934][ T9915] kcsan_report.cold+0xc/0x10 [ 2637.208955][ T9915] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 2637.208973][ T9915] __tsan_read8+0x2c/0x30 [ 2637.208989][ T9915] list_lru_count_one+0xbd/0x130 [ 2637.209017][ T9915] count_shadow_nodes+0x51/0x4a0 [ 2637.220119][ T9917] Memory cgroup stats for /syz1: [ 2637.221938][ T9917] anon 4366336 [ 2637.221938][ T9917] file 0 [ 2637.221938][ T9917] kernel_stack 36864 [ 2637.221938][ T9917] slab 319488 [ 2637.221938][ T9917] sock 0 [ 2637.221938][ T9917] shmem 0 [ 2637.221938][ T9917] file_mapped 0 [ 2637.221938][ T9917] file_dirty 0 [ 2637.221938][ T9917] file_writeback 0 [ 2637.221938][ T9917] anon_thp 4194304 [ 2637.221938][ T9917] inactive_anon 0 [ 2637.221938][ T9917] active_anon 4366336 [ 2637.221938][ T9917] inactive_file 90112 [ 2637.221938][ T9917] active_file 106496 [ 2637.221938][ T9917] unevictable 0 [ 2637.221938][ T9917] slab_reclaimable 135168 [ 2637.221938][ T9917] slab_unreclaimable 184320 [ 2637.221938][ T9917] pgfault 102300 [ 2637.221938][ T9917] pgmajfault 0 [ 2637.221938][ T9917] workingset_refault 0 [ 2637.221938][ T9917] workingset_activate 0 [ 2637.221938][ T9917] workingset_nodereclaim 1749 [ 2637.221938][ T9917] pgrefill 58530 [ 2637.221938][ T9917] pgscan 599408 [ 2637.221938][ T9917] pgsteal 207384 [ 2637.225010][ T9915] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2637.225033][ T9915] do_shrink_slab+0xb7/0x5a0 [ 2637.225055][ T9915] ? radix_tree_lookup+0x33/0x40 [ 2637.225084][ T9915] shrink_slab+0x46e/0x540 [ 2637.231661][ T9917] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9914,uid=0 [ 2637.237876][ T9915] shrink_node+0x1ad/0xb30 [ 2637.237906][ T9915] do_try_to_free_pages+0x242/0x940 [ 2637.237935][ T9915] try_to_free_mem_cgroup_pages+0x1fd/0x4c0 [ 2637.237970][ T9915] try_charge+0x4d1/0xbc0 [ 2637.253190][ T9917] Memory cgroup out of memory: Killed process 9914 (syz-executor.1) total-vm:72720kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2637.255799][ T9915] ? rcu_note_context_switch+0x701/0x760 [ 2637.255820][ T9915] mem_cgroup_try_charge+0xd2/0x260 [ 2637.255842][ T9915] __add_to_page_cache_locked+0x163/0x780 [ 2637.255876][ T9915] ? __read_once_size.constprop.0+0x20/0x20 [ 2637.502629][ T9915] add_to_page_cache_lru+0xe2/0x2d0 [ 2637.507820][ T9915] pagecache_get_page+0x2ab/0x760 [ 2637.512836][ T9915] grab_cache_page_write_begin+0x5d/0x90 [ 2637.518456][ T9915] ext4_da_write_begin+0x175/0x7e0 [ 2637.523556][ T9915] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 2637.529177][ T9915] generic_perform_write+0x136/0x320 [ 2637.534456][ T9915] __generic_file_write_iter+0x251/0x380 [ 2637.540091][ T9915] ext4_file_write_iter+0x1bd/0xa00 [ 2637.545380][ T9915] new_sync_write+0x388/0x4a0 [ 2637.550051][ T9915] __vfs_write+0xb1/0xc0 [ 2637.554282][ T9915] vfs_write+0x18a/0x390 [ 2637.558512][ T9915] ksys_write+0xd5/0x1b0 [ 2637.562746][ T9915] __x64_sys_write+0x4c/0x60 [ 2637.567324][ T9915] do_syscall_64+0xcc/0x370 [ 2637.571815][ T9915] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2637.577691][ T9915] RIP: 0033:0x459f39 [ 2637.581578][ T9915] Code: Bad RIP value. [ 2637.585626][ T9915] RSP: 002b:00007f9d69f13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2637.594022][ T9915] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 [ 2637.601987][ T9915] RDX: 00000000ffffff43 RSI: 0000000020000080 RDI: 0000000000000003 [ 2637.609940][ T9915] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2637.617909][ T9915] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d69f146d4 [ 2637.625873][ T9915] R13: 00000000004ca618 R14: 00000000004e25c0 R15: 00000000ffffffff [ 2637.636026][ T9915] Kernel Offset: disabled [ 2637.640347][ T9915] Rebooting in 86400 seconds..